From: Stefan Kangas <stefan@marxist.se>
To: Lars Ingebrigtsen <larsi@gnus.org>
Cc: 19565@debbugs.gnu.org
Subject: bug#19565: Emacs vulnerable to endless-data attack (minor)
Date: Tue, 8 Oct 2019 18:50:22 +0200 [thread overview]
Message-ID: <CADwFkmnP4+c=o5B5eQ9hVtOciURv_tsKBTTC3=JJzrVMv8K=8A@mail.gmail.com> (raw)
In-Reply-To: <87zhibyzh8.fsf@gnus.org>
Lars Ingebrigtsen <larsi@gnus.org> writes:
> So bytes/sec, as you suggest, may be the best heuristic. But it should
> only kick in after having received a large number of bytes, probably.
Maybe this is a stupid question, but what if I'm on a slow connection?
Then I would never hit the max? Emacs does have users also in areas
of the world where the connections are generally slow, but where AFAIK
in addition to that they may have to pay for data. Also consider the
use case of a user from the developed world currently on data roaming,
with a maximum of 100 MiB of free data...
I'm not against the bytes/sec idea, and maybe I don't understand it
well enough, but I also think there is a case for being able to
specify a maximum number of bytes for a particular connection. For
example, the "archive-contents" file is never that big unless
something is seriously wrong. The MELPA "archive-contents" file is
probably one of the biggest examples in use today and currently weighs
in at 1,433,186 bytes. This means that a maximum of, say, 128 MiB
should be extremely generous in this case, also allowing for it to
grow quite a lot in the next decade or so.
Best regards,
Stefan Kangas
next prev parent reply other threads:[~2019-10-08 16:50 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-11 11:12 bug#19565: Emacs vulnerable to endless-data attack (minor) Kelly Dean
2015-01-11 18:33 ` Richard Stallman
2015-01-11 21:18 ` Kelly Dean
2019-10-06 3:13 ` Stefan Kangas
2019-10-06 17:32 ` Eli Zaretskii
2019-10-07 1:51 ` Lars Ingebrigtsen
2019-10-07 12:50 ` Stefan Kangas
2019-10-07 16:13 ` Eli Zaretskii
2019-10-08 16:27 ` Lars Ingebrigtsen
2019-10-08 16:47 ` Eli Zaretskii
2019-10-08 16:50 ` Stefan Kangas [this message]
2019-10-08 17:22 ` Eli Zaretskii
2019-10-08 17:38 ` Stefan Kangas
2019-10-08 18:02 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CADwFkmnP4+c=o5B5eQ9hVtOciURv_tsKBTTC3=JJzrVMv8K=8A@mail.gmail.com' \
--to=stefan@marxist.se \
--cc=19565@debbugs.gnu.org \
--cc=larsi@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).