[mirror-admin] push mirroring - who owns the SSH keys?
Carlos Carvalho
carlos at fisica.ufpr.br
Sat Jun 20 21:38:59 EDT 2009
Matt Domsch (Matt_Domsch at dell.com) wrote on 20 June 2009 07:52:
>I'm starting to think again about push mirroring, with an eye to
>having something in place for general use by Fedora 12.
[removed]
>For N in [0 1 2]:
That's going to be difficult. If the loop runs S times you'll have S
different opinions here... I suggest you focus on 0 and 1 only.
Also, much of the advantage of pushing will be lost if you let
everybody access the master. Only tier 0 and 1 should be allowed to.
>For b), Debian uses an 'ssh push' trigger method.
I fully agree with Maurice's remarks about this. Besides, I in fact
prefer to have different accounts for different mirrors. This isn't a
security risk because the accounts can only be accessed through ssh
with public keys.
>Other triggers could be email
Possible also. We already use it for the kernel.
>or [insert your favorite trigger method here]. I'm open to several,
>it's just a small matter of code.
You'll probably have to do it in several ways to get mirror admins to
join in... :-)
>Can we use one keypair per downstream mirror, or do we need one
>keypair per (upstream, downstream) pair? The upstream's (private)
>half of the keypair is only known to MM.
This is your choice. I'd go for a single pair for all triggers.