[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security mirrors?

On Sun, Jan 13, 2008 at 04:22:50PM -0200, Carlos Carvalho wrote:
>  >(Security has an entry in the mirror submission form because I wanted to
>  >collect information about unofficial mirrors, even if we never do anything
>  >about it. As of today, 41 active sites have since reported that they have
>  >mirrored the security.d.o archive.)
> We have it as well. Should I fill the form or is it enough to post
> here the url's (I've already done it). If I should fill the form, is
> it necessary to fill it completely or just add the new info?

Either is fine :)

>  >We haven't had much progress on the issue of making these mirrors pushed,
>  >because even though other security team members indicated agreement with
>  >setting up pushed mirrors, Martin Schulze has consistently obstructed it.
> I think it's not just a question of pushing, it's a question of the
> mirrors being recognized as valid. If they're legitimate users can be
> told to fetch from the mirrors and not only from the security.d.o.
> Or is this already being done?

We're not telling users to fetch from them because we're not publishing a
user-oriented list of such mirrors anywhere.

In the past, before the files were GPG-signed, there was a practical reason
against this, but ever since the latter was implemented, I don't a
particular reason against doing that.

     2. That which causes joy or happiness.

Reply to: