[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Smart Upload Server

On Tue, Dec 23, 2008 at 10:36:29AM -0500, Michael Casadevall wrote:
> This command is to tell the remote server to receive a file. The
> client must send a signed changes file as the first file uploaded. As
> a security precaution, no file greater then 16 kilobytes shall be
> accepted until a signed changes is received and its signature has been
> verified to prevent a denial of service attack. Should a larger file
> be sent, an automatic REJECT shall be sent, and the server shall
> immediately close the connection.

Changes files themselves could be greater than 16k.  C.f. [0],
and that's just the morgue.

Kind regards,
Philipp Kern

[0] find /org/ftp.debian.org/morgue -iname "*changes" | \
      xargs stat -c "%s" | \
      sort -nr | \
      head -n 5
 .''`.  Philipp Kern                        Debian Developer
: :' :  http://philkern.de                         Release Assistant
`. `'   xmpp:phil@0x539.de                         Stable Release Manager
  `-    finger pkern/key@db.debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: