On Fri, 25 Aug 2023 at 16:27, Stephen Smoogen <ssmoo...@redhat.com> wrote:
> It depends on the scanning from ports open to unknown shared files to 'why 
> did our network costs go up so much?'

Surely if you're on a local network with bandwidth costs you'd turn
off avahi or lock down the firewall? Lots of stuff blasts out mDNS
traffic these days.

> Going from other things it has been a way to inject bad packages, bad 
> metadata, mass system slowdowns across a fleet, using the service on N 
> systems as a DDOS against third parties (which they then charge fees for), 
> etc.

All good things to document in the README, thanks. I think it helps
that if you're on a LAN with 25 machines all offering the same file we
choose one *at random* so if there's one bad actor we don't degrade
things for everybody all at the same time. And the fallback for
"someone on my LAN has given me garbage" is "fall back to the CDN"
anyway.

> chained flaw in say a compression routine which 'should never happen with 
> legitimate data'.)

Agree. I'm less worried about this one as the first thing we do is
compare the SHA-256 checksum, and the next is check the signature
using GnuTLS.

I'll update the README with some of those points next week, thanks.

Richard.
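
Added example, not part of the original message and not the project's own code: a Python model of the behaviour described above, where one LAN peer is chosen at random, its payload is accepted only if the SHA-256 matches, and anything else falls back to the CDN. The peer callables, host names and payload are constructed stand-ins, the expected checksum is assumed to come from already-trusted metadata, and the subsequent signature check is left out.

```python
import hashlib
import random

GOOD = b"constructed sample payload: metadata-v1"   # constructed test data
GOOD_SHA256 = hashlib.sha256(GOOD).hexdigest()      # assumed: from trusted metadata


def sha256_ok(data, expected_hex):
    return data is not None and hashlib.sha256(data).hexdigest() == expected_hex


def fetch_verified(expected_hex, peers, cdn_fetch, rng):
    """Try ONE randomly chosen LAN peer, then fall back to the CDN.

    peers: dict of name -> zero-argument callable returning bytes (hypothetical
    stand-in for a download from an mDNS-advertised host).
    Returns (data, source)."""
    if peers:
        name = rng.choice(sorted(peers))
        try:
            data = peers[name]()
        except OSError:              # peer vanished, timed out, refused
            data = None
        if sha256_ok(data, expected_hex):
            return data, "peer:" + name
        # Garbage or no answer: discard it and go straight to the CDN.
    data = cdn_fetch()
    if not sha256_ok(data, expected_hex):
        raise ValueError("CDN payload does not match expected SHA-256")
    return data, "cdn"


def simulate(n_peers=25, n_bad=1, rounds=1000, seed=0):
    """Count how often a fetch is served from the LAN vs. the CDN fallback."""
    rng = random.Random(seed)
    peers = {}
    for i in range(n_peers):
        payload = b"garbage" if i < n_bad else GOOD
        peers["host%02d" % i] = (lambda p=payload: p)
    counts = {"lan": 0, "cdn": 0, "garbage_accepted": 0}
    for _ in range(rounds):
        data, source = fetch_verified(GOOD_SHA256, peers, lambda: GOOD, rng)
        counts["cdn" if source == "cdn" else "lan"] += 1
        counts["garbage_accepted"] += data != GOOD
    return counts


if __name__ == "__main__":
    print(simulate())
```

With one bad host among 25, only the fetches that happen to pick it pay the CDN round trip, and no unverified bytes are ever returned.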
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org