Re: [Monotone-devel] Re: GCC and Monotone

[graydon hoare]

Zack Weinberg wrote:

> One last issue: denial-of-service.  If we have the official depot
> take patches by email from anyone (which I like, since it makes it
> much harder to drop patches on the floor) then what's to stop someone
> sending either a gargantuan patch, or a long series of small patches,
> and filling up the disk?

depots are probably a less-good fit for this than a public news server 
with no expiry. I'd like to flatter myself and say a depot will scale to 
hundreds of concurrent uploaders, but INN has a lot more practise in 
that category than a single-file-locking CGI I cooked up.

what abuse-control depots have is limited. they have a fixed upload 
chunk cap (16mb) and they require a signature from the private half of 
an RSA pubkey they know, on the upload. you can probably kill an apache 
running a depot just by opening 100 open connections and trickling bytes 
into them.

further DoS avoidance patches would be appreciated, but ultimately my 
strategy for this is not to make depots iron clad -- I doubt such a 
thing can ever really exist -- but rather to encourage people to put up 
lots of small-ish depots / news servers. security through redundancy.

-graydon