[aur-general] Git over HTTPS

Pablo Lezaeta Reyes prflr88 at gmail.com
Mon Jun 15 20:00:43 UTC 2015


2015-06-15 16:33 GMT-03:00 Giancarlo Razzolini <grazzolini at gmail.com>:

> Em 15-06-2015 16:26, Tom Swartz escreveu:
>
>> With all due respect, requiring that a user punch holes in their security
>> firewalls is not a proper or long term solution to the issue at hand.
>>
>
> It is the only solution.

Is not the only as pointer in this thread,
also you not considered the idea that burocracy for somethink that simple
as oppen a port could take months if not year or even coutless failed
attempts?


>
>> For home users, this might be a valid (although no less sane) solution,
>> but
>> in corporate networks where the firewall rules are crafted for a reason
>> (e.g. to protect the rest of the devices on the network).
>>
>
> A rule that denies outgoing SSH access is a dumb one. It doesn't protect
> the rest of the devices on the network.
>
In my school we get attempts to forcebrute into ouir server... this once
was attempted throw port 22, that what I get in response for request open
port 22 in my school firewal.

Therefor they refuse to open 22 since that insident.

>
>> As I mentioned in my original posting, (and as several other users
>> mentioned) many of the solutions are server-side fixes.
>>
>
> Which requires using software that, not only can introduce security
> issues, can decrease the performance. I've used sshlp on the past, although
> I don't think it has any exploitable bugs, it's not as widely used as nginx
> and openssh itself.
>
or you think is saner that every user repeat a process for every machine,
instead of offerted an alternative port for those countless users that cant
(as I mention ealy) oppen 22?

>
>> I firmly believe that restricting access to SSH, port 22 only, is
>> something
>> that will greatly hinder wide adoption.
>> At the very least, it will prevent myself from uploading/updating my
>> several AUR packages.
>>
>
> Instead of requiring others to solve your problem, you should explain to
> your network administrators that this rule is counterproductive. I don't
> really think that this will hinder adoption since port 22 is the default
> ssh port.
>
> Well burocracy and dumb admins are nought to not let you open port 22,
this word is a place ful of peoples of all kinds, and full of dumb
decisions.

> Cheers,
>



-- 
*Pablo Lezaeta*


More information about the aur-general mailing list