On Fri, 02 Jan 2004 17:47:43 +0000 Barry Porter <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/01/2004 16:03, Brad Koehn wrote:
> [...]
> > Yes, I'm paranoid, but the spammers have been going after sites using
> > increasingly sophisticated techniques (DDOS being a fairly nasty one).
> > It would be wise to get a step or two ahead of them. I'm not enough of
> > a perl jockey to know if code signing is supported by the runtime
> > (other runtimes do), but we really should start using something to
> > verify code.
>
> An alternative that might be a more secure way of obtaining the file is
> if it were available by email response; send an email to a request
> address and it is returned to the requester.

Or use GPG signing and SHA/MD5 fingerprinting on the source distribution (AFAIK, perl doesn't support code signing), and distribute it via Freenet, Entropy, and other mostly-anonymous P2P services.

A DDoS is only effective if the number of attackers substantially outnumbers the number of defenders or the defender can be found and is immobile. If you can distribute the code widely and automate trust-checking, you should be safe for now.

-- 
Bob
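The "distribute widely, check trust automatically" idea from the message above, as an added example that is not part of the original post: copies of a release arrive from several untrusted mirrors, and only a copy whose fingerprint matches a pinned value (and, on disk, whose detached GPG signature comes from the expected key) is accepted. It uses SHA-256 in place of the SHA/MD5 named in the message; the mirror names, sample bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import subprocess

# Constructed sample data standing in for a release tarball.
GOOD_RELEASE = b"constructed sample tarball contents\n"
# Assumption: the real fingerprint is published out of band (signed announcement).
PINNED_SHA256 = hashlib.sha256(GOOD_RELEASE).hexdigest()
SAMPLE_COPIES = [                        # (hypothetical mirror name, bytes received)
    ("mirror-a", GOOD_RELEASE + b"extra appended bytes"),
    ("mirror-b", GOOD_RELEASE[:10]),     # truncated transfer
    ("mirror-c", GOOD_RELEASE),
]


def digest_matches(data: bytes, pinned_hex: str) -> bool:
    """True if SHA-256(data) equals the pinned fingerprint."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, pinned_hex.strip().lower())


def select_trusted_copy(copies, pinned_hex):
    """Return (mirror, data) for the first copy that verifies, else None."""
    for mirror, data in copies:
        if digest_matches(data, pinned_hex):
            return mirror, data
    return None  # fail closed: nothing is installed if no copy verifies


def gpg_signature_valid(tarball_path: str, sig_path: str, signer_fpr: str) -> bool:
    """Verify a detached signature and that the expected key made it."""
    try:
        proc = subprocess.run(
            ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, tarball_path],
            capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return False  # gpg not installed: treat as unverified
    for line in proc.stdout.splitlines():
        parts = line.split()
        # Status line: "[GNUPG:] VALIDSIG <fingerprint> ... [<primary-key-fpr>]"
        if len(parts) >= 3 and parts[1] == "VALIDSIG":
            return proc.returncode == 0 and signer_fpr.upper() in parts[2:]
    return False


if __name__ == "__main__":
    print(select_trusted_copy(SAMPLE_COPIES, PINNED_SHA256))
```

Checking the signer's fingerprint, not just that some signature is good, is what stops a mirror from swapping in a tarball signed with its own key.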