Hi!

On Tue, Aug 05, 2008 at 08:01:12PM +0200, Oliver Schmidt wrote:
> As Mike already pointed out I see your policy easily yield lots both
> false positives and false negatives (aka type I and type II errors).

This is true for every security measure and no argument against it. If you
lock the door of your home, you're forced to carry the key with you and take
care of it. If you lose it, you're in trouble, because the door won't let you
in regardless of the fact that you have every right to pass. Spam filters
might block legitimate mail. Virus email scanners may block important content
and so on.

Every security measure has a chance for false positives (and false
negatives). It depends on your point of view if you consider this acceptable
or not. In any case the principle "my system, my rules" holds true. And in the
given case, it's my system :-)

> FCrDNS is about hosts, not about individuals. It's intended for
> machine to machine communication. But here we talk about individuals
> accessing a source code repository.

It's always individuals who are communicating, so according to you, this rule
would never hold true. Since mails come from individuals and are targeted to
individuals, does that mean I cannot filter based on IP addresses in my mail
server?

> Although questionable from an ethical point of view the bank just has
> statistical data that shows a correlation between neighbourhood and
> payments morality. I however doubt that you have such data on the
> correlation between using an FCrDNS-less ISP and hacking your site.

Since I've had systems connected to the internet for a long time now, I've
written complaints about hacking attempts quite often. And I can confirm that
an ISP that doesn't have a valid DNS setup will usually ignore any complaints.
See also

    http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS

> I might serve as a good example: I'm contributing to cc65 for quite
> some years by now. I envision this stealing time from my family.
> Therefore I'm strictly staying clear from additionally stealing money
> from my family. So I'll certainly stay with my el cheapo ISP. Not
> getting access to your repository for that reason seems discriminating
> to me.
>
> The internet of today is an internet of a mobile individual: Home,
> office, public hotspots, ... So from my perspective the (only) way to
> go for secure accessing a source code repository is on individuals
> with a PKI. Give certificates to people you either trust for some
> reason or you can identify in some way. If a certificate is abused
> revoke it for good.

Oliver, you know that I'm very glad about the work you've done for and with
cc65. So why don't you contact me and ask for a possible solution? PKI is
quite a lot of work (BTDT), and I'm not sure if I'm willing to invest this
work, but there are other options. I could for example exclude your dialin IP
range from checking, give you an ssh account or whatever. There's no need to
argue against a security measure as a whole just to find a solution for an
individual.

Regards

        Uz

-- 
Ullrich von Bassewitz                                  uz@musoftware.de

Received on Tue Aug 5 20:50:35 2008
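
An added example, not part of the original mail and not the configuration of the server under discussion: a minimal FCrDNS check with the kind of per-range exemption mentioned in the message above. The exempt network, the function names and the reason strings are assumptions; the resolver functions are injectable so the decision logic can be exercised offline.

```python
import ipaddress
import socket

# Constructed sample value (documentation range), not from the original mail:
# a hypothetical dial-in range that is excluded from the check.
EXEMPT_RANGES = [ipaddress.ip_network("198.51.100.0/24")]


def system_reverse(ip):
    """PTR lookup: return the host names the address claims to have."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_forward(name):
    """A/AAAA lookup: return every address the name resolves to."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]


def fcrdns_decision(ip, reverse=system_reverse, forward=system_forward,
                    exempt=EXEMPT_RANGES):
    """Return (allowed, reason) for a connecting client address."""
    addr = ipaddress.ip_address(ip)
    # Exemptions are checked first, so a trusted range never depends on DNS.
    if any(addr in net for net in exempt):
        return True, "exempt range"
    names = reverse(ip)
    if not names:
        return False, "no PTR record"
    # Forward-confirm: one of the PTR names must resolve back to the client.
    for name in names:
        for candidate in forward(name):
            try:
                if ipaddress.ip_address(candidate) == addr:
                    return True, "confirmed by " + name
            except ValueError:
                continue  # skip results that are not plain addresses
    return False, "PTR name does not resolve back"
```

Logging the returned reason for each rejected connection makes false positives visible, so an exemption can be added per contributor instead of relaxing the check for everyone.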