On 25.03.2015 10:55, Branko Čibej wrote:
> There are ways, with a bit of scripting on the site, to get direct
> download links instead of bouncing people through the mirrors page;
> here's an example:
>
> http://httpd.apache.org/download.cgi
>
> Note that this page keeps the PGP/hash links pointing to our dist server
> so that a malicious hacker would have to hack into both your mirror and
> the master server to fake hashes and signatures on a hacked package.
The code for the CGI magic is of course available straight from the
HTTPd repository; APR and Subversion use a similar scheme, too:
http://apr.apache.org/download.cgi
http://subversion.apache.org/download/
I'm happy to help with getting these scripts modified for Ignite.
-- Brane
