Re: security mirrors?
On Sun, Jan 13, 2008 at 04:22:50PM -0200, Carlos Carvalho wrote:
> >(Security has an entry in the mirror submission form because I wanted to
> >collect information about unofficial mirrors, even if we never do anything
> >about it. As of today, 41 active sites have since reported that they have
> >mirrored the security.d.o archive.)
>
> We have it as well. Should I fill the form or is it enough to post
> here the url's (I've already done it). If I should fill the form, is
> it necessary to fill it completely or just add the new info?
Either is fine :)
> >We haven't had much progress on the issue of making these mirrors pushed,
> >because even though other security team members indicated agreement with
> >setting up pushed mirrors, Martin Schulze has consistently obstructed it.
>
> I think it's not just a question of pushing, it's a question of the
> mirrors being recognized as valid. If they're legitimate users can be
> told to fetch from the mirrors and not only from the security.d.o.
> Or is this already being done?
We're not telling users to fetch from them because we're not publishing a
user-oriented list of such mirrors anywhere.
In the past, before the files were GPG-signed, there was a practical reason
against this, but ever since the latter was implemented, I don't a
particular reason against doing that.
--
2. That which causes joy or happiness.
Reply to: