[mirror-admin] Seeding newkeys with old content?
Arnaud Gomes-do-Vale
Arnaud.Gomes at ircam.fr
Sun Sep 7 05:54:38 EDT 2008
Axel Thimm <Axel.Thimm at ATrpms.net> writes:
> report_mirror ? :)
>
> People (like me) that use this tool have already placed trust in its
> authors. If any pre_mirror tools comes as a sibling reading off the
> same config as report_mirror there would be no more trust to invest.
report_mirror is static, there is no more danger in it than in any
other executable.
What if the server distributing pre_mirror is compromised? I would
rather not have to rebuild my whole mirror server because someone
else's box has been broken into.
I guess there are ways to make sure pre_mirror is genuine, using gpg
or whatever. I am still not sure I like the idea though.
--
Arnaud
--
More information about the Mirror-admin
mailing list