From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: Re: [contact.ng0@cryptolab.net: Re: [security-discuss] gnuradio
	project DoS attacks GNU wget users]
Date: Fri, 3 Mar 2017 12:50:17 -0500
Message-ID: <20170303175017.GA18261@jasmine>
References: <20170303110843.o6i4xrl2mvechkbu@abyayala>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53002)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1cjrLS-0006vJ-Sv
	for guix-devel@gnu.org; Fri, 03 Mar 2017 12:50:23 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1cjrLP-00067i-Nb
	for guix-devel@gnu.org; Fri, 03 Mar 2017 12:50:22 -0500
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:39912)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <leo@famulari.name>) id 1cjrLP-00067b-ID
	for guix-devel@gnu.org; Fri, 03 Mar 2017 12:50:19 -0500
Received: from localhost (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148])
	by mail.messagingengine.com (Postfix) with ESMTPA id 4011C7E526
	for <guix-devel@gnu.org>; Fri,  3 Mar 2017 12:50:18 -0500 (EST)
Content-Disposition: inline
In-Reply-To: <20170303110843.o6i4xrl2mvechkbu@abyayala>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: guix-devel@gnu.org

On Fri, Mar 03, 2017 at 11:08:43AM +0000, ng0 wrote:
> Hi,
> 
> I don't like repeating myself when I have written the content before.
> So going by the message below, I'd like to change the way we provide
> download links and use the http protocol for our downloads at
> gnu.org/s/guix. Currently we only offer the ftp protocol links. The
> ports 20 and 21 are commonly blocked in the tor network by relays, that
> I was able to telnet to port 21 of alpha.gnu.org was just luck.

I'm not that familiar with Tor, so forgive me if I'm asking questions
that everyone else already knows the answer to.

Would it be enough to offer an HTTPS source for our `gnu.org/s/guix`
downloads? Would that work for Tor users? Or do we have to create an
Onion service, too?

What are the pros and cons?

If the HTTPS link can be accessed reliably over Tor, I think that would
be better for us, because it would reduce the amount of Guix sysadmin
work.

> It would not fix
> the fact that we use ftp:// internally in some downloads (which breaks
> guix package --fallback when you try to torify guix), but this could
> be fixed later.

Are you talking about using FTP to download the sources of some
packages?