[mirror-admin] ***SPAM*** Re: push mirroring plans
Simon Valiquette
gulus-miroir at listes.USherbrooke.ca
Wed Dec 17 02:50:30 EST 2008
Paulo Licio de Geus un jour écrivit:
> Hiroyuki SHINBO wrote:
>
>> Hi Matt,
>>
>> I have one question about this. Will you stop the "pull mirror"
>> system after "push mirror" system works?
>>
>> In our network policy, SSH access from outside of our network
>> is prohibitted. I can not change this because this policy is
>> the decision of our company. So, our server may be stopped the
>> mirror if only "push mirror" is provided for official mirror.
>>
>> I think that debian provides both pull and push miror. If
>> possible, I would like to use "pull mirror" continuously.
Exact, and I see no reasons why RedHat would want to prevent mirrors
from polling from the master. Actually, it would even involve unnecessary
efforts to enforce it.
> Just out of curiosity, would a ssh connection through a reverse ssh
> channel (the central mirror initiating a ssh connection to a local port
> forwarded to your mirror over a ssh channel created by you to the
> central mirror ssh server) satisfy your policy? Convoluted, but
> functional...
I know a number of companies where you could get fired for doing
something like that if you don't get the permission first. Ideally, to be
really safe, I would even ask for a written autorisation before trying to
circumvent the company security policy.
Much better, much simpler and quite safe is to trigger the sync with an
email, like what kernel.org do. Configuring Postfix or something else to
trigger the sync when receiving the email is quite simple, and have far
better chance to comply with Shinbo-san company policy.
Simon Valiquette
http://gulus.USherbrooke.ca
--
More information about the Mirror-admin
mailing list