[mirror-admin] master server sync stats and recommendations
Axel Thimm
Axel.Thimm at ATrpms.net
Thu Apr 23 05:29:19 EDT 2009
On Wed, Apr 22, 2009 at 10:41:28AM -0500, Matt_Domsch at Dell.com wrote:
> http://www.debian.org/mirror/push_mirroring
> describes how Debian does push mirroring, complete with the ssh setup.
> I've not set this up before, but we've discussed here before using the
> same setup to trigger a pull (yes, in this case, push == triggered pull,
> which is safer), or using other trigger forms (email, rss feed, ...).
>
> It's just something no one on the Fedora side has implemented. I'm very
> open to adding code to MM to assist with this, but I haven't ever gotten
> around to it, and over the next few weeks I likely can't. But if
> someone wants to take a crack at it, I'd love the help!
Push mirroring is evil. If you can't make sure that the server has
always enough resources for all projects to do a push mirroring
simultaneously, then you get issues with traffic and high CPU loads.
Not to mention possible security implications - no matter how much you
harden the ssh access and limit a key to a single command, it is still
less safe than pure polling. Just consider the Debian openssh issue
being detected in 2010 and some of us had ssh access with one of these
keys.
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://mail.ale.org/pipermail/mirror-admin/attachments/20090423/224a0327/attachment.bin
-------------- next part --------------
--
More information about the Mirror-admin
mailing list