[arch-dev-public] pkgstats: second try

Pierre Schmitz pierre at archlinux.de
Fri Sep 10 16:27:17 EDT 2010

On Fri, 10 Sep 2010 16:16:46 -0400, Daenyth Blank
<daenyth+arch at gmail.com> wrote:
> On Fri, Sep 10, 2010 at 16:15, Ionuț Bîru <ibiru at archlinux.org> wrote:
>> I noticed this myself when I tried to submit the data from another machine in
>> my network.
>> As an idea, we can use the UUID from the root partition
> Maybe.. Would it make more sense to take a hash of the eth0 mac
> address? Not sure if that is sensible... I guess the UUID doesn't
> change that often.

Well, we have discussed all this before. If I don't limit the
submission by IP, it will be too easy for a single person to flood us
with false data, making the whole stats pointless. The IP is the only
value you cannot easily spoof over the internet.

Whatever we would implement on the client side (pkgstats) doesn't
matter, as you can still post your data directly or just modify the
script. (and yes, client SSL certs are overkill and people won't use

One thing I could do though is to allow more than one submission per IP
and day. What would be a reasonable value? Like 10 submissions per IP
within 24h?



Pierre Schmitz, https://users.archlinux.de/~pierre
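
The trade-off discussed in this message, as an added example that is not part of the original e-mail and not pkgstats code: a server-side sliding-window limiter that counts submissions per connecting IP and ignores any client-supplied identifier. The class and function names, the sample addresses and the choice of Python are assumptions; the limit of 10 per 24h is the value floated above, not a settled one.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 60 * 60   # the 24h window from the message
MAX_PER_IP = 10                 # the value floated in the message (assumption)


class SubmissionLimiter:
    """Sliding-window limiter keyed on the connection's peer address only."""

    def __init__(self, limit=MAX_PER_IP, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._seen = defaultdict(deque)  # peer IP -> times of accepted submissions

    def allow(self, peer_ip, client_id=None, now=None):
        # client_id (root UUID, MAC hash, ...) is deliberately ignored: the
        # client controls it, so it cannot bound the number of submissions.
        # peer_ip must be the socket's remote address, not a request header.
        now = time.time() if now is None else now
        stamps = self._seen[peer_ip]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()            # drop submissions older than the window
        if len(stamps) >= self.limit:
            return False
        stamps.append(now)
        return True


def replay(limiter, events):
    """Feed (timestamp, peer_ip, client_id) events; return accepted count per IP."""
    accepted = defaultdict(int)
    for ts, ip, cid in events:
        if limiter.allow(ip, cid, now=ts):
            accepted[ip] += 1
    return dict(accepted)


# Constructed sample: one address sends 25 submissions with a fresh client ID
# each time; a second address sends 3 with a fixed ID.
SAMPLE = [(i * 60, "192.0.2.10", f"uuid-{i}") for i in range(25)]
SAMPLE += [(i * 60, "198.51.100.7", "uuid-fixed") for i in range(3)]

if __name__ == "__main__":
    print(replay(SubmissionLimiter(), SAMPLE))
```

Machines that share one public address also share the allowance, which is the situation reported in the quoted text.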
