On the unreliability of IRC for statistics.

author Eric S. Raymond <esr@thyrsus.com>

Sun, 30 Sep 2012 05:20:37 +0000 (01:20 -0400)

committer Eric S. Raymond <esr@thyrsus.com>

Sun, 30 Sep 2012 05:20:37 +0000 (01:20 -0400)
author Eric S. Raymond <esr@thyrsus.com>
Sun, 30 Sep 2012 05:20:37 +0000 (01:20 -0400)
committer Eric S. Raymond <esr@thyrsus.com>
Sun, 30 Sep 2012 05:20:37 +0000 (01:20 -0400)
diff --git a/security.txt b/security.txt

index 9a72dafc3c8ff8da766c218e766e7bde0b059b4a..01488a50efd575830652d764774679c270d4e593 100644 (file)
--- a/security.txt
+++ b/security.txt
@@ -186,6 +186,15 @@ in-band authentication in that they would leave the job to specialist
  code not in any way coupled to irkerd's internals, minimizing
  global complexity and failure modes.
  
+One larger issue (not unique to irker) is that because of the
+insecured nature of IRC it is essentially impossible to secure
+#commits against commit notifications that are either garbled by
+software errors and misconfigurations or maliciously crafted to
+confuse anyone attempting to gather statistics from that.  The lesson
+here is that IRC monitoring isn't a good method for that purpose;
+going direct to the repositories via a toolkit such as Ohloh is
+a far better idea.
+
  === Future directions ===
  
  There is presently no direct support for spipe or stunnel in
author	Eric S. Raymond <esr@thyrsus.com>
	Sun, 30 Sep 2012 05:20:37 +0000 (01:20 -0400)
committer	Eric S. Raymond <esr@thyrsus.com>
	Sun, 30 Sep 2012 05:20:37 +0000 (01:20 -0400)