[aur-general] Git over HTTPS

[Giancarlo Razzolini]

Em 15-06-2015 17:00, Pablo Lezaeta Reyes escreveu:
> Is not the only as pointer in this thread,
> also you not considered the idea that burocracy for somethink that 
> simple as oppen a port could take months if not year or even coutless 
> failed attempts?

Well, each organization has it's own process. But, it doesn't protect 
any internal machine not to allow outgoing ssh.

> In my school we get attempts to forcebrute into ouir server... this 
> once was attempted throw port 22, that what I get in response for 
> request open port 22 in my school firewal.

Yes, this is a common problem. You can have some sort of blocking 
daemon, like fail2ban, or you can change the ssh port altogether. But, I 
don't see arch doing this, since tcp port 22 is the IANA assigned port 
for SSH. I bet they have bruteforce mitigations in place, on top of only 
allowing PubKey authentication.

>
> Therefor they refuse to open 22 since that insident.
>
> or you think is saner that every user repeat a process for every 
> machine, instead of offerted an alternative port for those countless 
> users that cant (as I mention ealy) oppen 22? Well burocracy and dumb 
> admins are nought to not let you open port 22, this word is a place 
> ful of peoples of all kinds, and full of dumb decisions.

If they can't distinguish, as other people already mentioned, from 
incoming and outgoing, then they should really rethink their carreers. 
It's the same thing with ICMP or VLAN's. I don't really worry about 
being blocked at any place I might go because I use a VPN. I think 
everybody should get one, not just for better privacy and unblocked 
internet access, but for avoiding ISP QoS. But it's sad to know that 
some people will let this kind of blocking (which is relatively easy to 
circumvent) prevent them from contributing to arch.

Cheers,
Giancarlo Razzolini