On Mon, Jul 25, 2011 at 20:52, M.-A. Lemburg <m...@egenix.com> wrote: > "Martin v. Löwis" wrote: >>> If you look through the archives, it's very easy to find out about >>> the infrastructure setup being used to run python.org. Take e.g. >>> this thread as example: >>> >>> http://markmail.org/thread/kcxkjbesmbweaaj6#query:+page:1+mid:kcxkjbesmbweaaj6+state:results >> >> This information is also published in the Wiki, and deliberately so. >> >> There is nothing secret about the setup of python.org, except for the >> actual passwords. > > So you deliberately make it easy for potential attackers to > find out about everything they need to know in order take over > the site. > > Could you explain the reasons behind this ? > > While having documentation of the setup is essential, I don't think > making that documentation available outside the group of administrators > is a good thing to do.
In my experience, if you need to rely on obscurity as your security measure, then you are in a very bad position. -- Radomir Dopieralski, http://sheep.art.pl _______________________________________________ pydotorg-www mailing list pydotorg-www@python.org http://mail.python.org/mailman/listinfo/pydotorg-www