[darcs-users] cgi script thoughts
simon at joyful.com
Sun Jul 4 16:09:57 UTC 2004
>That said, I think 'darcs.cgi' is more aesthetically pleasing than
>'darcsrv.cgi', but I don't have strong feelings on the matter.
There's always "viewdarcs".. (viewcvs, viewsvn etc..)
>It should be pretty easy to do this in the XSLT templates, but is it
>really effective? I would expect the email harvesters to be able to
>parse many simple obfuscations and it would be an inconvenience to
>legitimate users. Still, if there is a desire to do this as a default I
>will update the templates.
I have never liked email obfuscation. But, projects like mine want to
attract new contributors, and for some of them this is the first
exposure of their email address.. when they know they have been
harvested for eternal spamming as a result of contributing, they are not
going to be so happy. When I warn them up front, they become more
reluctant to use darcs and send me clumsy files instead. Since I want
people using darcs as much as possible, I think that standard
mailman-style obfuscation would be a help.
On the other hand, if darcs repos proliferate, they could become a
target for smarter harvesting. With this in mind, perhaps the answer is
to show only the real name part of the submitter's address. I have
already switched to this scheme for release notes.
>This is an important security consideration, everything but the file
>listings causes invocations of darcs which can be very expensive in
>terms of processor and memory use. I would suggest using rlimit or
>whatever your OS's equivalent is to limit the resource consumption.
>I've also envisioned using something such as mod_cache to cache
>responses and avoid invocation of the CGI at all.
Ok.. this is a toughie.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the darcs-users