> In your opinion, would you rather go with password based acls or with > ip based acls? > > If there's not that many mirrors which don't pull from the IP they are > serving from, the ip based acls can be calculated "on the fly" with > one more field in the database for machines which have a different > puller. > > Password based ACLs on the other hand could break older, > non-maintained, but working setups - but they are easier to implement > and less error prone. > > Opinions? > > Ralph > _______________________________________________ > CentOS-mirror mailing list > CentOS-mirror at centos.org > http://lists.centos.org/mailman/listinfo/centos-mirror We would prefer password based, just for the case when the mirror machine needs to change address for some reason (like keeping two instances in sync while migrating to new hardware). But to be honest it does not matter that much to me, and as Jon mentioned already it caries the higher risk of leakage. One could of course use both (with individual passwords), at least for a while, if someone feels strongly for one or the other way... Regards, Emil