On 2009-09-03, Bram Neijt <bne...@gmail.com> wrote:

> You are correct that you won't benefit from publishing metalinks, but
> your users might.

Which would benefit Ant ... But I'm not convinced 8-)

> One of the failures a redirect/GeoIP based approach can't solve for
> the user is possible firewall problems. The user may be behind a
> firewall which restricts to HTTP connections, not knowing that for sure
> he/she would have to try the GeoIP suggestion.

If you look at the actual download page it will list HTTP mirrors first (since ftp mirrors are so 20th century anyway, I guess). Most users will have stopped before reaching the ftp mirrors.

> Another benefit is that the download client can also verify the
> download afterwards,

This depends on my level of paranoia. Do I want to trust md5 or sha1 hashes at all? Does the client speak OpenPGP for a stronger checksum algorithm (unless the signer is in my web of trust, the signature isn't more than that)?

> without the user having to run any extra commands after the download
> finished.

Do I trust the download client? ;-;

> About the digest information coming from a reliable central source, you
> are already doing that with your download page by pointing only to the
> central MD4/SHA1/signature files. I've rewritten the page to keep other
> people from getting confused about that :)

Thanks.

I think in the ASF's case dynmirror doesn't really help. The list of mirrors is dynamic and mirrors come and go (e.g. they may get removed if they don't sync fast enough) and we like to keep it that way. The specific ASF projects (like Ant) aren't even aware of the process.

If I understand dynmirror correctly it would accept any download URL as a mirror if it can provide matching filenames and MD5 checksums, is that correct? This would allow mirrors to add themselves that are not "approved" (they may want to show ads we don't like for example).

If my understanding is correct it would also allow me to create a trojan distribution of some software if I manage to create MD5 checksums that match the original distribution - given that creating hash collisions in MD5 isn't that difficult for a well-funded bad-guy, this is something I'd be concerned about. Given its adoption Apache httpd looks like a very attractive target for inserting a backdoor, so the well-funded bad-guy isn't that far-fetched IMHO.

Let's say I hope my understanding is wrong.

Stefan
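The two mirror-acceptance policies contrasted in the message above, as an added Python example that is not part of the original thread and is not dynmirror's or the ASF's code. The host names, file contents and function names are constructed for illustration, and `weak_policy` models only the behaviour the message asks about, not confirmed dynmirror behaviour.

```python
import hashlib
import hmac
import posixpath
from urllib.parse import urlsplit

# Constructed sample data: hosts and archive bytes are made up.
APPROVED_MIRRORS = {"mirror.example.org", "downloads.example.net"}
ORIGINAL = b"constructed release archive bytes"
# Digests as published by the central, trusted site only.
CENTRAL_DIGESTS = {
    "md5": hashlib.md5(ORIGINAL).hexdigest(),
    "sha256": hashlib.sha256(ORIGINAL).hexdigest(),
}


def _filename(url):
    """Return the last path component of the download URL."""
    return posixpath.basename(urlsplit(url).path)


def weak_policy(url, expected_name, payload):
    """Accept any URL whose filename and MD5 checksum match."""
    md5 = hashlib.md5(payload).hexdigest()
    return (_filename(url) == expected_name
            and hmac.compare_digest(md5, CENTRAL_DIGESTS["md5"]))


def strict_policy(url, expected_name, payload):
    """Accept only approved hosts whose content matches the central SHA-256."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False  # the download page lists HTTP mirrors first
    if (parts.hostname or "").lower() not in APPROVED_MIRRORS:
        return False  # self-registered mirrors are rejected outright
    if _filename(url) != expected_name:
        return False
    sha256 = hashlib.sha256(payload).hexdigest()
    # Constant-time comparison against the centrally published digest.
    return hmac.compare_digest(sha256, CENTRAL_DIGESTS["sha256"])
```

The strict policy still depends on the central digest being fetched over a channel the client trusts; an OpenPGP signature check would sit on top of it rather than replace it.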