https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7397
--- Comment #16 from Michael P <[email protected]> ---

Discussion of Optimization Policy on MIRRORED.BY (deprecate?)

# ---------------------------------
# MP: Logic behind local MIRRORED.BY, to find working mirrors
# 1) Use local file if it exists, and is not older than one week
#    (Not sure why we have this optimization, given how light the
#    query is. Reduce the chance of man in middle giving out
#    fake information?? Or a hack at a mirror, or malicious mirror?
#    should make this safer)
# 2) Use the information presented in a TXT record lookup
#    (Again, maybe vulnerable to M-M DNS spoofing attack, might
#    want to consider improving security in this regard. Also make
#    a security note to channel maintainers, to find the location
#    of the latest mirrors file, eg..
#    host -t TXT mirrors.updates.spamassassin.org
#    mirrors.updates.spamassassin.org descriptive text "http://spamassassin.apache.org/updates/MIRRORED.BY"
# 2a) Download that list, and store it locally (per channel)
# 3) Randomly order the mirror list(s)?? We could do something novel
#    eg, order the mirror list by GEO proximity, or by a 'weight'
# 4) Walk through each Mirror until we download a valid set of rules
# Concerns: New Installs would not get updated mirrors for 7 days
#    If a broken or hacked mirror existed, some people would
#    not get list updated for 7 days

I would think that given how light a DNS query is for the TXT record, and how
light the actual GET for the mirrors file, we don't REALLY need this
optimization like we might have years ago.

IF we do want this optimization, I highly recommend it be dropped down to one
(1) day only.

-- 
You are receiving this mail because:
You are the assignee for the bug.
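The steps listed in the comment above, as an added Python sketch; it is not sa-update's code and not part of the bug thread. The `URL weight=N` list format, the injected `lookup_txt`/`fetch`/`download`/`is_valid` callables and the `.example` mirrors are assumptions. It shows a 3-day-old cached list that names a bad mirror being reused under a 7-day limit and refreshed under a 1-day limit.

```python
import os, pathlib, random, tempfile

DAY, LIST_URL = 86400, "http://spamassassin.apache.org/updates/MIRRORED.BY"

def parse_mirrors(text):
    """Parse 'URL [weight=N]' lines (assumed list format); '#' starts a comment."""
    mirrors = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            weights = [int(f[7:]) for f in fields[1:] if f.startswith("weight=")]
            mirrors.append((fields[0], weights[0] if weights else 1))
    return mirrors

def load_mirrors(cache, max_age, now, lookup_txt, fetch):
    """Steps 1-2a. Returns (mirrors, source); source is 'cache' or 'network'."""
    if cache.exists() and now - cache.stat().st_mtime <= max_age:
        return parse_mirrors(cache.read_text()), "cache"
    text = fetch(lookup_txt("mirrors.updates.spamassassin.org"))  # step 2
    cache.write_text(text)                                        # step 2a
    os.utime(cache, (now, now))
    return parse_mirrors(text), "network"

def fetch_rules(mirrors, download, is_valid, rng=random):
    """Steps 3-4: weighted random order, walk until one mirror yields valid rules."""
    pool = list(mirrors)
    while pool:
        pick = rng.choices(pool, weights=[w for _, w in pool])[0]
        pool.remove(pick)
        data = download(pick[0])
        if data is not None and is_valid(data):
            return pick[0], data
    return None, None

def compare_policies(cache_age=3 * DAY, now=1_700_000_000):
    """Constructed scenario: the cached list names a bad mirror, upstream is fixed."""
    stale = "http://bad.mirror.example/ weight=1\n"
    fresh = "# corrected\nhttp://good.mirror.example/ weight=5\n"
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for label, max_age in (("7d", 7 * DAY), ("1d", DAY)):
            cache = pathlib.Path(d, label)
            cache.write_text(stale)
            os.utime(cache, (now - cache_age,) * 2)  # backdate the cached copy
            mirrors, src = load_mirrors(cache, max_age, now,
                                        lambda name: LIST_URL, lambda url: fresh)
            out[label] = (src, [u for u, _ in mirrors])
    return out
```

The callables stand in for the DNS TXT lookup and HTTP GET so the sketch runs offline; `is_valid` is where signature or checksum verification of the downloaded rules would sit.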
