Hi Poon, [Note that you have emailed a large number of Debian addresses, most of which are read by volunteers who do not speak for Debian. I'm one of those.]
On Mon, Dec 16, 2024 at 01:09:08PM +0000, Poon Weng Chee wrote: > We have discovered that the public IP address of deb.debian.org, which is > used to access the Debian repositories, is listed as a threat or malicious IP > address on http://brightcloud.com/support/lookup.php. deb.debian.org is hosted by the Fastly CDN as are literally millions of other sites, because that is the point of a CDN. So: 1. There's no point complaining to Debian. This is a bit like you complaining to Martha's Bait and Unix Store that some other site also on Cloudflare is naughty and harming their reputation. They are just not in a position to do anything about it. 2. You should complain to Fastly, but they are probably not going to be interested in what this brightcloud organisation has to say and will want to know which exact malicious site you are talking about. They have probably already removed it from their service. 3. Hopefully as a consequence of (1) and (2) you will see that blocking your own connectivity based on shared reputation in an increasingly centralised world has many pitfalls. > We would appreciate it if you could investigate this matter further. I don't think it is likely that anyone at Debian is going to do anything about this. I also don't rate your chances with Fastly, but they at least would be the correct people to talk to about one of their IP addresses being listed by some arbitrary reputation database. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
