[pydotorg-www] Repeated outages of python.org

Radomir Dopieralski sheep at sheep.art.pl
Mon Jul 25 20:58:21 CEST 2011


On Mon, Jul 25, 2011 at 20:52, M.-A. Lemburg <mal at egenix.com> wrote:
> "Martin v. Löwis" wrote:
>>> If you look through the archives, it's very easy to find out about
>>> the infrastructure setup being used to run python.org. Take e.g.
>>> this thread as an example:
>>>
>>> http://markmail.org/thread/kcxkjbesmbweaaj6#query:+page:1+mid:kcxkjbesmbweaaj6+state:results
>>
>> This information is also published in the Wiki, and deliberately so.
>>
>> There is nothing secret about the setup of python.org, except for the
>> actual passwords.
>
> So you deliberately make it easy for potential attackers to
> find out about everything they need to know in order to take over
> the site.
>
> Could you explain the reasons behind this?
>
> While having documentation of the setup is essential, I don't think
> making that documentation available outside the group of administrators
> is a good thing to do.

In my experience, if you need to rely on obscurity as your security
measure, then you are in a very bad position.

-- 
Radomir Dopieralski, http://sheep.art.pl

