On Thu, Apr 8, 2010 at 5:41 PM, Gilbert E. Detillieux <gedetil at cs.umanitoba.ca> wrote: > But seriously, if you do decide to implement password-based ACL's (as > some seem to prefer), could this be done as an optional alternative to > IP-based, for those where IP-based isn't practical? That way, the > silent majority could just stick with the status quo, while those that > want something different have that option. Yeah, I guess that needs some thinking over. Maybe pw based acls for the new mirrors and those who want them ... As said, for most mirrors we should be able to calculate the ips from the database of mirrors we have. Regarding abuse: Well, what do you really gain from knowing the password? It's more or less a traffic protection for the internal mirror network, if dvd goes to everyone. Keep on discussing if you want to :) Cheers, Ralph