[mirror-admin] Seeding newkeys with old content?
Axel Thimm
Axel.Thimm at ATrpms.net
Sun Sep 7 17:36:06 EDT 2008
On Sun, Sep 07, 2008 at 11:54:38AM +0200, Arnaud Gomes-do-Vale wrote:
> Axel Thimm <Axel.Thimm at ATrpms.net> writes:
>
> > report_mirror ? :)
> >
> > People (like me) that use this tool have already placed trust in its
> > authors. If any pre_mirror tool comes as a sibling reading off the
> > same config as report_mirror there would be no more trust to invest.
>
> report_mirror is static, there is no more danger in it than in any
> other executable.
>
> What if the server distributing pre_mirror is compromised? I would
> rather not have to rebuild my whole mirror server because someone
> else's box has been broken into.
>
> I guess there are ways to make sure pre_mirror is genuine, using gpg
> or whatever. I am still not sure I like the idea though.
Well, if the source of this script is the master of the packages, then
a compromised script would mean compromised packages, so the damage
would be larger than rebuilding one mirror.
But in reality the premirror scripts are trivial and posted on this
list as a deployment method, so I guess this will be good enough. It
didn't really seem to have made any big difference BTW, my syncing
took almost two days.
--
Axel.Thimm at ATrpms.net