[CentOS-mirror] mirror manager
R P Herrold
herrold at centos.org
Tue Aug 18 17:37:05 UTC 2009
On Tue, 18 Aug 2009, Chuck Anderson wrote:

> The newest incarnation of MirrorManager is better,

I see at RawHide ... nothing

[herrold at centos-5 ~]$ date ; srcfind MirrorManager
Tue Aug 18 12:36:25 EDT 2009
[herrold at centos-5 ~]$

> because it uses https:// URLs to the master server, which
> then serves a Metalink URL file containing the mirror list
> along with hashes of the files.

and what revocation list checking exists and is implemented?
Are the hashes signed? If so, when and with what key security
model? traceable to what CA root set? -- so far all I see is
a potential for transit security of a file against a MitM

> Yum can then compare the secure hashes

'can' is not 'does' -- version/release please? Is this in our
yum, or if not what adds it, so I can examine the model's
ehhh? 'secure hashes' how? What is being compared here?

> of the repomd.xml files from the mirrors with the hash from
> the genuine master as served over https to verify it hasn't
> been tampered with. If it doesn't match, yum just goes onto
> the next mirror in the list.
-- Russ herrold
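
The comparison described in the quoted text, as an added example that is not part of the original post and is not yum or MirrorManager code: it takes the repomd.xml hash from a metalink document, checks each mirror's copy against it, and moves on to the next mirror on a mismatch. The Metalink 3.0 element layout, the mirror URLs, the file contents and the names parse_metalink and pick_mirror are assumptions constructed for illustration; the hash here is unsigned, so the check is only as strong as the channel the metalink arrived over.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {"ml": "http://www.metalinker.org/"}  # Metalink 3.0 namespace (assumed layout)

# Constructed mirror contents keyed by URL, standing in for HTTP fetches.
GENUINE = b"<repomd><revision>1250616000</revision></repomd>\n"
MIRRORS = {
    "http://mirror-a.example/repodata/repomd.xml": GENUINE.replace(b"1250616000", b"1250000000"),
    "http://mirror-b.example/repodata/repomd.xml": GENUINE,
}

# Constructed metalink, as the master server would hand it out over https.
METALINK = f"""<?xml version="1.0"?>
<metalink xmlns="http://www.metalinker.org/" version="3.0">
 <files><file name="repomd.xml">
  <verification><hash type="sha256">{hashlib.sha256(GENUINE).hexdigest()}</hash></verification>
  <resources>
   <url protocol="http" preference="100">http://mirror-a.example/repodata/repomd.xml</url>
   <url protocol="http" preference="90">http://mirror-b.example/repodata/repomd.xml</url>
  </resources>
 </file></files>
</metalink>"""


def parse_metalink(text):
    """Return (expected sha256 hex digest, mirror URLs ordered by preference)."""
    f = ET.fromstring(text).find("ml:files/ml:file[@name='repomd.xml']", NS)
    digest = f.find("ml:verification/ml:hash[@type='sha256']", NS).text.strip().lower()
    urls = sorted(f.findall("ml:resources/ml:url", NS),
                  key=lambda u: -int(u.get("preference", "0")))
    return digest, [u.text.strip() for u in urls]


def pick_mirror(metalink_text, fetch):
    """Return (url, rejected) for the first mirror whose repomd.xml matches the hash."""
    # Nothing below verifies a signature: trust rests on how metalink_text was obtained.
    expected, urls = parse_metalink(metalink_text)
    rejected = []
    for url in urls:
        body = fetch(url)  # fetch is injected so the example runs offline
        actual = hashlib.sha256(body).hexdigest() if body is not None else ""
        if hmac.compare_digest(actual, expected):
            return url, rejected
        rejected.append(url)  # mismatch or unreachable: go on to the next mirror
    return None, rejected  # no mirror matched: fail closed
```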