From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-7089-arch-gentoo-dev=gentoo.org@gentoo.org>
Received: (qmail 6821 invoked by uid 1002); 1 Oct 2003 17:22:26 -0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 6308 invoked from network); 1 Oct 2003 17:22:26 -0000
From: Benjamin Coles <sj7trunks@gentoo.org>
To: gentoo-dev@gentoo.org
Content-Type: text/plain
Message-Id: <1065029629.14866.7.camel@gentoo.pendulus.net>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.4 
Date: Wed, 01 Oct 2003 10:33:49 -0700
Content-Transfer-Encoding: 7bit
Subject: [gentoo-dev] finger@gentoo.org
X-Archives-Salt: d9ec11cb-e569-4fb7-b59a-1e8ee8dc269e
X-Archives-Hash: 1b230b57f81d7f2aef7ec44c2885a802

Considering that this topic was brought up before and it had some
security problems aka user names could be guessed from it, I would
propose setting up a hacked version of finger which originally pulls
data from multiple sources to pull it from a .xml file. I'm sure we
could put at the top: Even though this user is a gentoo developer, it
does not mean he is a user of this server. If anyone were to try to hack
it with login names in the list it could be blocked indefinately from
that host to ever access the server again because not everyone in that
list has access to web servers and such.

Thanks,
Benjamin Coles
Gentoo Infrastructure


--
gentoo-dev@gentoo.org mailing list