[cc-ing John Nagle as context suggests he's not on this list. John, if you are subscribed, please say so and we'll stop cc-ing you.]
John, thanks very much for researching the problem before reporting it. I understand it can be alarming to see that an automated system is accessing your system in what appears to be an inappropriate fashion; thank you for coming to us with information instead of demands :-) John Nagle <[EMAIL PROTECTED]> writes: > We noticed a wierd usage of our SiteTruth.com site mentioned in a > Debian bug report. Bug report #423669 apparently patched a problem > by using a link to a CGI script on our site. That's not the case. Varun Hiremath is showing an example of a workaround to fetch a file; bug #423669 is unrelated to sitetruth.com. > We have a system that rates web pages, and as a service for > webmasters, we have a little utility, "viewer.cgi", which is used to > show users how our crawler saw a page. Somebody stuck this into a > Debian watchfile because it can be used to read a HTTPS page via > HTTP, something they needed. Yes, that was the example. It's actually unrelated to the resolution of bug #432669, which was (according to the information in the bug report) fixed by implementing HTTPS properly in the 'uscan' utility. > SiteTruth really shouldn't be part of some Debian build procedure. > We suggest finding some other way to read HTTPS pages with HTTP. > Wrong tool for the job. Thanks. You're quite right that it would be foolish to do so. I believe, from reading the bug report, that it was merely being used to demonstrate the problem (lack of HTTPS support), rather than to become part of a package's built procedure. Do you have reason to believe the sitetruth.com service is still being accessed routinely from Debian build programs? -- \ "Today, I was -- no, that wasn't me." -- Steven Wright | `\ | _o__) | Ben Finney -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]