Re: We need steenking patches (Re: Cygwin kill utility...)

On Wed, Apr 09, 2014 at 12:43:25PM -0500, Steven Penny wrote:
>On Wed, Apr 9, 2014 at 12:13 PM, Christopher Faylor wrote:
>>It's possible that a site like github has more bandwidth and compute
>>power than and doesn't have to worry about bogging down
>>the system with malicious search attacks.  We, unfortunately, do.  So,
>>while it is possible to turn on searches, it seems like I'd have to
>>personally take some time to fixing the viewvc code to mitigate any
>>damage from using searches.  That is more effort than I'm willing to go
>>to on one person's claim that this functionality is vitally necessary.
>You dont want to take the time to fix it?  You want to maintain the
>status quo?  Thats cool.  But then dont go complaining on the mailing
>list when you are unwilling to take steps to fix it.

Any fix to viewvc was likely to be non-trivial.  It would require making
changes to unfamiliar code and, since we've had a lot of attacks on over the years, I was leery about introducing another
vector.  So, given that you are a data point of one, it didn't seem
worth my time do spend a lot of time on this, despite your indulgenge in
the de rigeur internet style of claiming that your opinions are fact.

The good news is that when we eventually switch Cygwin to git we'll get
search functionality for free so it really is more worth my time to make
that switch than it is to investigate changing viewvc.  I'll try to get
to that in the next week or so.  I know that Corinna will be thrilled to
finally be on git.


