Abuse prevention

To: debian-popcon@lists.debian.org
Subject: Abuse prevention
From: Dan Haiduc <danuthaiduc@gmail.com>
Date: Tue, 20 Nov 2018 17:37:33 +0200
Message-id: <[🔎] CAPHrrg1vU5kgQS3RY4oBPtF4LaLwi7Rh5q+8O_bwpnfRCpLvhg@mail.gmail.com>

Hello,

As far as I could tell from searching through the mailing list [1],
and through glancing through the examples subdirectory, there is an
abuse prevention system such that a host ID that stops appearing is
excluded from statistics.

Since this could be circumvented by a malicious user (they could
simply report multiple times with spoofed MD5 IDs), is there any other
mechanism to prevent abuse, such as IP rate-limiting?

My guess is that the threat model doesn't warrant it. There is not
much material gain in spoofing one's free-software package to the top.

I am asking because the F-Droid community is considering implementing
a similar popularity-contest model, in order to recommend
free-software Android packages. We would love to know if you need to
prevent abuse at all.

[1] https://lists.debian.org/debian-popcon/2004/04/msg00004.html

Cheers!

Dan Haiduc

Reply to:

Follow-Ups:
- Re: Abuse prevention
  - From: Bill Allombert <ballombe@debian.org>

Next by Date: Re: Abuse prevention
Next by thread: Re: Abuse prevention
Index(es):
- Date
- Thread