Re: Use of our external site embedded into a Debian file
[cc-ing John Nagle as context suggests he's not on this list. John, if
you are subscribed, please say so and we'll stop cc-ing you.]
John, thanks very much for researching the problem before reporting
it. I understand it can be alarming to see that an automated system is
accessing your system in what appears to be an inappropriate fashion;
thank you for coming to us with information instead of demands :-)
John Nagle <nagle@animats.com> writes:
> We noticed a wierd usage of our SiteTruth.com site mentioned in a
> Debian bug report. Bug report #423669 apparently patched a problem
> by using a link to a CGI script on our site.
That's not the case. Varun Hiremath is showing an example of a
workaround to fetch a file; bug #423669 is unrelated to sitetruth.com.
> We have a system that rates web pages, and as a service for
> webmasters, we have a little utility, "viewer.cgi", which is used to
> show users how our crawler saw a page. Somebody stuck this into a
> Debian watchfile because it can be used to read a HTTPS page via
> HTTP, something they needed.
Yes, that was the example. It's actually unrelated to the resolution
of bug #432669, which was (according to the information in the bug
report) fixed by implementing HTTPS properly in the 'uscan' utility.
> SiteTruth really shouldn't be part of some Debian build procedure.
> We suggest finding some other way to read HTTPS pages with HTTP.
> Wrong tool for the job. Thanks.
You're quite right that it would be foolish to do so. I believe, from
reading the bug report, that it was merely being used to demonstrate
the problem (lack of HTTPS support), rather than to become part of a
package's built procedure.
Do you have reason to believe the sitetruth.com service is still being
accessed routinely from Debian build programs?
--
\ "Today, I was -- no, that wasn't me." -- Steven Wright |
`\ |
_o__) |
Ben Finney
Reply to: