[CentOS-mirror] Thoughts on DVD images

Wed May 19 17:45:46 UTC 2010
Nick Olsen <Nick at 141networks.com>


On 5/19/2010 1:30 PM, Karanbir Singh wrote:
> On 05/19/2010 06:08 PM, Jonathan Thurman wrote:
>> I don't think that the msync pool should be wide open for anyone to access.  Those that are hosting public mirrors of content should have a pool that they can sync to that is restricted, or at least have priority over unknown users.  Otherwise it could be more difficult for the public mirror system to stay up to date.
> Yeah, thats the main thing - being able to get the rsync tree's out to
> the public mirrors asap, while still having enough resources within
> .centos.org.
>
> So here is a question for you - as a mirror admin, would you host an
> rsync target that msync.c.o could push into ? It could be ither based on
> a user/pass acl or a key. And we would give you a list of ip's that will
> push to your machine.
>
> - KB
Lets call msync tier 0, Public mirrors tier 1, and private mirrors that 
pull tier 2. For sake of this next paragraph.
If were going to talk ACL's, I think IP based would be the best. And 
really, I think its the most secure, Without having to get to 
complicated (keys). Passwords wouldn't work as every tier 1 mirror would 
need that password (Shared passwords=Bad). If it were IP based, All a 
tier 1 would have to do is state the IP they would be pulling with for 
centos to add to the ACL.