1 Jul
2018
1 Jul
'18
2:54 p.m.
Hi,
On 30/06/18 12:53, Jaskaran Singh wrote:
- Motivation and Overview
We're using Maxmind's (company registered in the US) GeoIP Database, which is not just antithetical to the philosophy that one should not totally rely on a service/software for all needs, but has some serious security repercussions too.
I would love to see a full list of all the places we currently use this database and what security consequences could be.
Relevant tickets to this discussion that you may want to read have the keyword "metrics-geoip" in trac.
Also, you may be interested in karsten's comment on #22203 where we talk about downloading signed GeoIP files from the dirauths instead of shipping them in the distribution.
Thanks, Iain.