On 5/19/2010 1:30 PM, Karanbir Singh wrote: > On 05/19/2010 06:08 PM, Jonathan Thurman wrote: >> I don't think that the msync pool should be wide open for anyone to access. Those that are hosting public mirrors of content should have a pool that they can sync to that is restricted, or at least have priority over unknown users. Otherwise it could be more difficult for the public mirror system to stay up to date. > Yeah, thats the main thing - being able to get the rsync tree's out to > the public mirrors asap, while still having enough resources within > .centos.org. > > So here is a question for you - as a mirror admin, would you host an > rsync target that msync.c.o could push into ? It could be ither based on > a user/pass acl or a key. And we would give you a list of ip's that will > push to your machine. > > - KB Lets call msync tier 0, Public mirrors tier 1, and private mirrors that pull tier 2. For sake of this next paragraph. If were going to talk ACL's, I think IP based would be the best. And really, I think its the most secure, Without having to get to complicated (keys). Passwords wouldn't work as every tier 1 mirror would need that password (Shared passwords=Bad). If it were IP based, All a tier 1 would have to do is state the IP they would be pulling with for centos to add to the ACL.