There's no point wasting development resources on threats that may
never emerge. If attacks become a problem, it can be dealt with then
-- when more information on the nature of the threat is available, so
a better solution can be developed than now (when there is no
information, only speculation).
We're not talking about an airline control system here, where waste is
more than acceptable if it trivially reduces risk.
Regards,
John
On Jan 15, 2009, at 6:38 AM, Yitzchak Gale wrote:
Duncan Coutts wrote:
Detailed build reports with logs are not anonymous, clients will
need an
account on hackage (ie username and password).
Right. If we experience problems with that in the future,
we just have to make sure that it won't be too hard
to set up captcha.
they'll either be obviously bogus
Aren't we talking about an automated system? If we don't
explicitly design for the possibility of hostile reports, any
automated recognition will be trivial to circumvent.
or drowned out by the volume of legit reports.
Again, if this is automated, it is trivial generate the
required volume.
-Yitz
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
