X-Authentication-Warning: delorie.com: mail set sender to geda-user-bounces using -f
X-Recipient: geda-user AT delorie DOT com
X-Envelope-From: paubert AT iram DOT es
Date: Tue, 26 Jun 2012 12:31:01 +0200
From: Gabriel Paubert <paubert AT iram DOT es>
To: geda-user AT delorie DOT com
Subject: Re: [geda-user] pcb git repository is down
Message-ID: <20120626103101.GA16226@visitor2.iram.es>
References: <20120625092745 DOT 21525c34 AT svelte>
 <201206251715 DOT q5PHFpvM002678 AT envy DOT delorie DOT com>
 <20120625161317 DOT 2bc9bdbf AT svelte>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20120625161317.2bc9bdbf@svelte>
User-Agent: Mutt/1.5.20 (2009-06-14)
X-SPF-Received: 2
X-Spamina-Bogosity: Unsure
X-Spam-Score: -4.4 (----)
X-Spam-Report: Content analysis details:   (-4.4 points)
	pts rule name              description
	---- ---------------------- --------------------------------------------------
	-1.8 ALL_TRUSTED            Passed through trusted hosts only via SMTP
	-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
	[score: 0.0006]
Reply-To: geda-user AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: geda-user AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com
Precedence: bulk

On Mon, Jun 25, 2012 at 04:13:17PM -0700, Colin D Bennett wrote:
> On Mon, 25 Jun 2012 13:15:51 -0400
> DJ Delorie <dj AT delorie DOT com> wrote:
> 
> > 
> > dj AT envy pts/3 /tmp/pcb
> > $ git clone git://git.geda-project.org/pcb.git
> > Cloning into 'pcb'...
> > remote: Counting objects: 21621, done.
> > remote: Compressing objects: 100% (4908/4908), done.
> > remote: Total 21621 (delta 16813), reused 21427 (delta 16670)
> > Receiving objects: 100% (21621/21621), 7.91 MiB | 3.71 MiB/s,
> > done. Resolving deltas: 100% (16813/16813), done.
> > 
> > I checked from a work machine too.
> 
> Hmmm, I think our brain-dead new "security" measures at work of
> blocking non-80 outgoing ports is biting me again.

I seem to remember that git can use http to work around these
utterly stupid decisions. It's much slower, and depends on
server setup.

The only result of this kind of behaviour is that people find
a way to multiplex everything over port 80, actually decreasing
the ability of controlling traffic (and in the end security).

Port filtering incoming connections in firewalls is fine, port 
filtering outgoing ones (especially all except a few, not the
other way around) will backfire sooner or later.

	Regards,
	Gabriel