Discuss mailing list

[gp AT gparent.net]

If I were to join a project where nobody knows anything about me and I haven't ever said a word - yes.

Because I wouldn't host a bunch of my infrastructure on a server that I share as a T1 for OpenNIC.

Also, SHA1 isn't good either. Please, implement a crypt-like scheme if you're going to implement anything at all.

As presumably experienced sysadmins, would you really give root access
to your boxes to someone else who you only know online?

Generally, root should be protected. Surely, in terms of safeguarding
the OpenNIC infrastructure, everything that could be done with root
access can be achieved another way without accessing the server at all.
People (or their personal password store) can be compromised just as
systems can and a compromised person with root access to your systems is
arguably more of a risk than the risk you're trying to prevent.

Simon

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

-- 
-gp