Abuse prevention
Hello,
As far as I could tell from searching through the mailing list [1],
and through glancing through the examples subdirectory, there is an
abuse prevention system such that a host ID that stops appearing is
excluded from statistics.
Since this could be circumvented by a malicious user (they could
simply report multiple times with spoofed MD5 IDs), is there any other
mechanism to prevent abuse, such as IP rate-limiting?
My guess is that the threat model doesn't warrant it. There is not
much material gain in spoofing one's free-software package to the top.
I am asking because the F-Droid community is considering implementing
a similar popularity-contest model, in order to recommend
free-software Android packages. We would love to know if you need to
prevent abuse at all.
[1] https://lists.debian.org/debian-popcon/2004/04/msg00004.html
Cheers!
Dan Haiduc
Reply to: