On Thu, Dec 9, 2010 at 11:04 PM, Richard O'Keefe <o...@cs.otago.ac.nz> wrote:
>
> On 10/12/2010, at 12:18 AM, Markus Läll wrote:
>
> > My take on the issue is that we should make it possible to easily mirror
> > hackage (what the OP asked for), so that people could use it when they
> > wanted to, and have a list of the mirrors on the wiki. This way those who
> > are interested can use them. Like when the mirror is faster/closer to them
> > or to help out when hackage is temporarily down. Those who need the security
> > can choose not to use mirrors, or make their own (private), or develop a
> > secure scheme, when it doesn't exist yet.
>
> Have I misunderstood something?
> I thought "X is a mirror of Y" meant X would be a read-only replica of Y,
> with some sort of protocol between X and Y to keep X up to date.
> As long as the material from Y replicated at X is *supposed* to be
> publicly available, I don't see a security problem here. Only Y accepts
> updates from outside, and it continues to do whatever authentication it
> would do without a mirror. The mirror X would *not* accept updates.
>

Yes, that's what I think of mirrors too. I don't know if that was what you meant, but yes those mirrors would be just passive copies of the real hackage server (no updates from a user), and serve as a place to download packages from until the original hackage comes back.

But for the security issue, of course any host of a mirror could abuse that. But I think for non-critical stuff I wouldn't mind using the mirror if it has shown to be trustworthy. And for people using Haskell a lot, if the making of your own mirror is as simple as installing some package on your webserver and running it, then this would be a great remedy against those hours when something has happened to hackage..

--
Markus Läll
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe