[Catalog-sig] PyPI reverse download
"Martin v. Löwis"
martin at v.loewis.de
Tue Jul 27 22:52:25 CEST 2010
>> Any objections?
>
> Seems like this is rife for abuse -- it's essentially an open relay
> for POST requests, so I could use it to amplify a DDOS attack. So
> probably sounds like there needs to be some sort of security, or
> whitelist of allowed URL (or prefixes?), or somesuch.
I guess I restrict it to posting to *.python.org, then.
Thanks,
Martin
More information about the Catalog-SIG
mailing list