What is this security hazard you speak of? I don't really see a problem with it at first glance. And yes, i'm running a private mirror, and no, i do not pull from *.centos.org Centos, I pull from linux.mirrors.es.net On 8/18/2009 11:44 AM, Karanbir Singh wrote: > On 08/18/2009 04:39 PM, Nick Olsen wrote: > >> Its great when your looking for a mirror to pull from. It lists every >> mirror that your allowed to pull from, What they have, if its up to >> date. And where THEY pull it from. Not to mention they have some CGI >> script or something that ties into yum so you can redirect your local >> subnets to your local server insted of having to mod the repo file on >> every box. >> >> On 8/18/2009 11:36 AM, Karanbir Singh wrote: >> >>> On 08/18/2009 04:07 PM, Nick Olsen wrote: >>> >>> >>>> Not sure how many of you guys have used fedora's mirror manager, but >>>> centos should do something like this. Its really a nice little app, that >>>> helps in mirroring. >>>> >>>> >>> howso ? >>> > > yes, that yum cgi thing you speak of - is also a massive security > hazard. Its the no.1 reason why noone else wants to go down that route. > As for the mirror network, if you are a public mirror you should be > pulling from the msync targets anyway ( and we try and keep those > controlled to ensure there is enough b/w to go around ). > > We do need better monitoring within that, and is something we should get > done soon. > > If you are not a public mirror, you should *not* be pulling from > anything .centos.org and just going to your trusted local upstream. > There is potent to better define this and to merge in the various > sources of info that exist on .centos.org! > >