On Sun, Jun 10, 2007 at 09:23:14PM +0100, Justin Mason wrote:
> Marc A. Donges writes:
> > sa-update being started from cron.daily is probably a DoS attack against
> > Spamassassin update servers.
>
> Actually, we can handle it just fine. We know what we're doing ;)

I'm not sure we can right now. (The architecture is there so that we
could handle it if we wanted to, but we'd better mitigate it if
possible.)

[12:59pm] duncf: felicity: are you around?
[12:59pm] felicity: duncf: I'm loosely around. how's it going?
[12:59pm] duncf: pretty good... just had a question for you about sa-update
[1:00pm] felicity: sure
[1:00pm] duncf: can you please take a look at http://bugs.debian.org/428319
[1:00pm] duncf: basically the question is how ddos proof sa-update is
[1:01pm] felicity: well, there are multiple layers to that question.
[1:02pm] duncf: well... the dns bit is pretty robust
[1:02pm] felicity: I fully agree with the reporter that the cron job should be "randomized" across a larger time period.
[1:02pm] duncf: but the other two bits arent very
[1:03pm] duncf: yeah, the only problem with that is for users that rely on anacron
[1:04pm] felicity: so yeah, I'm not worried about the dns bit,
[1:04pm] felicity: the http serving of the updates can be resilient if setup that way.
[1:04pm] felicity: right now, it's just my server iirc.
[1:04pm] duncf: yeah
[1:04pm] felicity: so that's not so great.

I guess the question is, to a certain extent, how many people use
anacron, and how many don't. If anacron is used, this shouldn't be a
problem.

-- 
Duncan Findlay