[pydotorg-www] Repeated outages of python.org
"Martin v. Löwis"
martin at v.loewis.de
Mon Jul 25 21:08:26 CEST 2011
> So you deliberately make it easy for potential attackers to
> find out about everything they need to know in order take over
> the site.
>
> Could you explain the reasons behind this ?
This information is not meant for attackers, but for people contributing
to the maintenance of the site. It may also help
attackers, but only a little so, since they can easily gather the
information, anyway.
You seem to favor obscurity as a means of security. Please understand
that this gives a false sense of security.
> While having documentation of the setup is essential, I don't think
> making that documentation available outside the group of administrators
> is a good thing to do.
I disagree. Administrators tend to forget where the information is
stored, and how to access it; they are also uncertain as to whether
certain aspects are documented at all. Giving Google access to this
information (or any other search engine) simplifies maintenance.
Regards,
Martin
More information about the pydotorg-www
mailing list