Date: Tue, 25 Oct 2011 16:05:31 +0100
Subject: Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance
From: Robert Burrell Donkin
To: ooo-dev@incubator.apache.org

On Tue, Oct 25, 2011 at 1:38 PM, Christian Lohmaier wrote:
> Hi Robert, *,
>
> On Tue, Oct 25, 2011 at 2:15 PM, Robert Burrell Donkin
> wrote:
>> On Tue, Oct 25, 2011 at 12:36 PM, Christian Lohmaier
>> wrote:
>>> [...]
>>> That doesn't make sense - integrity is assured by bittorrent by
>>> providing sha1sums for each chunk. And authenticity can be assured
>>> just like it is with regular releases - just include a corresponding
>>> signature file within the torrent.
>>
>> Better to download the signature over HTTPS but yes, I see no reason
>> why this approach could not be made to work
>
> With signature I meant a real signature (gpg signature), not a md5sum
> or sha1sum file.
> When it is a cryptographic signature, it doesn't matter how you
> download it, as it cannot be faked.
> (of course the user has to get the proper key, but that's a different issue)

FWIW it's a defense in depth measure[1]

>>>> I may have dreamed it or I am mixing this up with something else.
>>>
>>> If those were the only reasons, then they were made-up arguments.
>>
>> When engaging with Infrastructure, expect to be challenged and to have
>> to defend any proposal. These lists are open, so expect a range of
>> cluefulness from contributors. The best way to impress the core
>> infrastructure team is for plenty of clueful people from a project to
>> show up and defend the proposal with well-researched arguments. Giving
>> up and going away is the surest way to lose the argument...
>
> With OOo the tracker network[1] was run independently anyway and not
> hosted on the Oracle or OSUOSL hosted infrastructure. The main tracker
> was Mike's at utwente, and that mirror also was the initial/main seed
> for all the releases. There were other trackers linked together via a
> tracker-hub (backup tracker as well as the hub were provided by
> Harold).
>
> So it is not a matter of infrastructure, but a matter of policy.

Where's the URL for this policy?

Robert

[1] Consider an attacker with some ability to fabricate convincing
signatures. Downloading the signature from a trusted server means that
such an attacker would need to replace an existing signature on secure
hardware without detection. The small increase in traffic is a small
price to pay for this additional defense in depth.