[pydotorg-www] Repeated outages of python.org

M.-A. Lemburg mal at egenix.com
Mon Jul 25 21:16:40 CEST 2011 

"Martin v. Löwis" wrote:
>> So you deliberately make it easy for potential attackers to
>> find out about everything they need to know in order take over
>> the site.
>>
>> Could you explain the reasons behind this ?
> 
> This information is not meant for attackers, but for people contributing
> to the maintenance of the site. It may also help
> attackers, but only a little so, since they can easily gather the
> information, anyway.
> 
> You seem to favor obscurity as a means of security. Please understand
> that this gives a false sense of security.

No, not really. Not having the information readily available doesn't
make it more secure (obscurity never increases security), but it does
make it harder, and thus, raises the bar for script-kiddies.

>> While having documentation of the setup is essential, I don't think
>> making that documentation available outside the group of administrators
>> is a good thing to do.
> 
> I disagree. Administrators tend to forget where the information is
> stored, and how to access it; they are also uncertain as to whether
> certain aspects are documented at all. Giving Google access to this
> information (or any other search engine) simplifies maintenance.

A wiki on a separate server would make that information
just as easily available, so I don't really buy into that
argument of unorganized administrators (which I don't think
we have on python.org).

The PSF has a Trac installation that could be used for this.
It's hosted on a separate managed servers, so the information would
be available even if python.org goes down.

I can create an instance and user accounts for you to use.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jul 25 2011)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

More information about the pydotorg-www mailing list