[arch-dev-public] [objectives] Package triage on current + extra (archstats)

Roman Kyrylych roman.kyrylych at gmail.com
Mon May 7 14:36:43 EDT 2007

2007/5/7, Dan McGee <dpmcgee at gmail.com>:
> On 5/7/07, Jürgen Hötzel <juergen at hoetzel.info> wrote:
> > On Mon, May 07, 2007 at 12:13:16PM -0400, Dan McGee wrote:
> > >
> > > I've managed to remove about 500 lines of code by moving repetition to
> > > functions (still more to be done, but that was 1/6 of the code). I
> > > also completely bypassed the MD5sum checking stuff, showing how that
> > > is worthless. Simo and I were trying to think of a better way to do
> > > client verification (Jürgen, any ideas?), and we came up with nothing.
> > >
> >
> > There is no solution, if users are anonymous. A simple workaround/hack:
> >
> > Prevent connects from the same IP (for a limited time period).
> >
> > This could limit the possibility to flood the database with multiple
> > machine entries from one user.
> I thought about this solution as well, but I realized it does carry
> with it a rather large negative. If a user has 4 Arch boxes behind a
> router with NAT, and they all run archstats as a cronjob at the same
> time, we would be excluding all but 1 of his boxes from updates.
> How essential is user anonymity on submission? Would users feel
> comfortable registering (which is a hurdle I think we should try to
> avoid) if their anonymous state was still preserved in any data
> presented to the user?

Also, users connected to large ISPs have dynamic IPs (at least this is
common case in Eastern Europe).

Roman Kyrylych (Роман Кирилич)

More information about the arch-dev-public mailing list