httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm MacCarthaigh <>
Subject Re: using proxy/cache for apache mirrors
Date Wed, 07 Dec 2005 08:56:12 GMT
On Wed, Dec 07, 2005 at 01:18:32AM -0600, William A. Rowe, Jr. wrote:
> Do mirrors even validate any server signature for rsync?  If not this
> argument is blowing smoke.  For that matter, we could even endorse the
> use of ssl privately to our mirrors on the backend, with server cert
> validation to avoid exactly what you describe above, as well as any
> number of man in the middle attacks.  In fact, it seems this would be
> much more robust than today's rsync, in terms of security.

Yep, if we could do the pull over https, that would solve this. 

> >I generally discourage ftp mirrors.  But yes, they would continue to 
> >need to do rsync.
> Why?  I'm not certain, but expect there are ways to play with wget to
> fetch only new/changed files.  If not, perhaps it's time to teach wget
> some new tricks :)

If you dropped rsync, we'd lose most of the mirrors. They absolutely
won't be interested in that kind of poking. 

Colm MacCárthaigh                        Public Key:

View raw message