Recent Features
| |||||||||||||
Bug reports: information or spam?Bug reports: information or spam?Posted Apr 15, 2012 3:31 UTC (Sun) by josh (subscriber, #17465)In reply to: Bug reports: information or spam? by dlang Parent article: Bug reports: information or spam?
> But for a bug reporting tool, you should support the common data communication protocols.
SMTP is pretty common. :)
(Note, by the way, that I'm not attempting to argue against the implementation of HTTP for other reasons; I just think "because there are networks that block SMTP" doesn't seem like a good enough reason.)
> Here I (and most security people) just disagree with you. It all depends on the purpose of the network, if the network is not intended to talk to the Internet, creating the ability for it to talk directly to the Internet is a bad idea.
On the contrary, I agree that air-gapped networks potentially make sense. If you want a restricted network with *no* outbound access, by all means have one. And if your network should not provide access to the Internet, don't try to report bugs from that network. :)
But don't create a network that allows *some* traffic out without allowing *all* traffic out; any sufficiently creative and annoyed developer who just wants to get work done will find a way to turn whatever traffic you do allow through into a real Internet connection, as will anyone trying to get malicious activity through.
(Log in to post comments)
Bug reports: information or spam? Posted Apr 15, 2012 3:54 UTC (Sun) by dlang (✭ supporter ✭, #313) [Link]
security isn't the practice of preventing all possible activities (turning the computer off and sealing it in a faraday cadge will do that), it's a matter of managing risk and slowing down the attacker long enough to catch and stop them.
a network that can do some things, but not all things is a very reasonable, and very common situation.
|
|||||||||||||