Am Mon, 25 Oct 2021 13:01:28 +0000 (UTC) schrieb Michael Matz <matz@suse.de>:
It's not exactly wonderful, but gcc-stats is basically only a data container for gcc.opensuse.org without any further services or influences, so somebody investing $50k and time to crack the ssh key should perhaps rather simply ask me and donate the money to openSUSE :-)
Well: the main problem I have with such statements: the data itself will not be interesting for the attacker, but the host's resources will. And if (s)he could use the resources to attack other machines, it might become a problem for openSUSE hosting an attacker bot(net). Even if it's just the bad press: something like this is what we want to avoid. So please everyone: keep your environment safe for our all safety. Regards, Lars