On Mon, Sep 27, 2010 at 12:31 PM, Ask Bjørn Hansen <a...@perl.org> wrote:
> Related notes: would it make sense to sign the (timestamped) list of mirrors?

I added some heuristic anti-hijacking stuff to a previous version of Mirror::JSON so it would at least provide a basic level of protection.

Basically, if it sees the master server change from the last version it has stored (or the default one it is bundled with) it will try to contact additional mirrors to confirm the master change.

That wouldn't fix a DNS hijack of course, but it would hopefully mean you have to compromise several mirrors and not just one.

WRT signing, I fear the crypto bootstrapping issues we'd suffer. However, in the same vein as index multi-formatting, perhaps we could make it optional. One signed, and one unsigned. Client picks the level of safety they want.

Adam K
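
The master-change confirmation described in the reply above, sketched as an added example; it is not Mirror::JSON's code and not part of the original message. The list shape (`master` and `mirrors` keys), the `fetch` hook, the quorum of 2, and the choices to poll only previously known mirrors and count one vote per host are all assumptions of this sketch.

```python
from urllib.parse import urlsplit

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def confirm_master_change(trusted, reported, source_url, fetch, quorum=2):
    """Return the master URL the client should keep using.

    trusted    : last stored (or bundled) list, {"master": url, "mirrors": [urls]}
    reported   : list just fetched from source_url, same shape (assumed format)
    fetch      : callable(url) -> list dict, raising on failure (hypothetical hook)
    """
    new_master = reported["master"]
    if new_master == trusted["master"]:
        return trusted["master"]          # no change, nothing to confirm

    # Poll only mirrors from the stored list: the reported list is unverified
    # and could name hosts chosen by whoever altered it.
    skip = {host_of(source_url), host_of(new_master)}
    witnesses = {}
    for url in trusted["mirrors"]:
        h = host_of(url)
        if h and h not in skip:
            witnesses.setdefault(h, url)  # one vote per host, first URL wins

    confirmations = 0
    for url in witnesses.values():
        try:
            if fetch(url)["master"] == new_master:
                confirmations += 1
        except Exception:
            continue                      # unreachable or malformed: not a yes
        if confirmations >= quorum:
            return new_master
    return trusted["master"]              # too little agreement: keep old master

if __name__ == "__main__":
    # Constructed sample data; all hosts are placeholders.
    old, new = "http://master.example.org/", "http://other.example.org/"
    trusted = {"master": old, "mirrors": ["http://m1.example.net/",
               "http://m2.example.net/", "http://m3.example.net/"]}
    views = {"http://m2.example.net/": old, "http://m3.example.net/": old}
    kept = confirm_master_change(trusted, {"master": new, "mirrors": []},
                                 "http://m1.example.net/", lambda u: {"master": views[u]})
    print("master in use:", kept)         # m1 alone cannot move the master
```

As the reply notes, this does not help against a DNS hijack: if the attacker controls name resolution, every witness lookup can be steered to the same answer.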