Stats page availability

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Stats page availability

Phil Pennock-17

I was slightly surprised to find the stats web-page served up by sks;
much of it isn't sensitive, but I'm a little reluctant to have listed
the version and the Gossip Peers; as far as I can see from reading the
source there are no access controls or knobs to filter this.

Is the peer list something which the distribution protocol would make
available anyway, so that I'd just be fooling myself by limiting its

Is there a philosophical view that this data should always be exposed?

I know that restricting the version visibility only helps by obscurity
if I'm lagging behind on upgrade when there's a security-critical
update, but still, who needs to see it?  Or is the idea that your peers
should always be able to see?  Since the trust is inherent in the data,
rather than the protocols or servers, I'm not seeing that it's necessary
to expose it to peers but perhaps I'm just being asocial.

Clue welcomed.


Sks-devel mailing list
[hidden email]

attachment0 (169 bytes) Download Attachment