I understand that website mirrors made perfect sense when this project
kicked off, but these days, you could serve 7.5TB per month for a cost
of somewhere between zero (CloudFlare free tier) and Rasmus's pocket
change.

I have a $20/month Linode instance which can do 4TB/month, so three of
those would make a sufficient DIY frontend cluster, assuming 7.5TB is
correct. There are plenty of other options.

The main problem with mirrors is that you don't have SSH access to the
web servers, which makes it difficult to change or maintain anything.
You can't even control which PHP version is used.

The mirrors are insecure. The small self-hosted sites like
bugs.php.net mostly use HTTPS now, but downloads are still served over
HTTP. GPG signatures are provided, but even for the small percentage
of users who check those signatures, the key fingerprints are listed
on the same mirror server, provided by plain HTTP. I'm sure you know
that the PGP keyservers do not verify a user's identity. Anyone can
make a key for poll...@php.net.

The mirrors are fragile, and when something breaks, it takes human
effort and communication to fix the problem.

Is it just inertia?

-- Tim Starling


-- 
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
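
The point above about key fingerprints being fetched from the same plain-HTTP mirror as the download, as an added example (not part of the original message and not php.net tooling): a check that accepts a gpg signature only when the signing key's fingerprint matches one pinned locally. The fingerprints, status lines and function names are constructed placeholders.

```python
import subprocess

# Placeholder fingerprint (constructed). The real value must arrive over a
# channel independent of the download mirror, e.g. shipped with this script.
PINNED = {"AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"}

# Constructed `gpg --status-fd` output: a valid signature by the pinned key,
# and an equally valid signature by a different key carrying the same user ID.
STATUS_PINNED = (
    "[GNUPG:] GOODSIG DDDD4444EEEE5555 Release Manager <rm@example.org>\n"
    "[GNUPG:] VALIDSIG AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555 2024-01-01 "
    "1704067200 0 4 0 1 10 00 AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555\n")
STATUS_LOOKALIKE = STATUS_PINNED.replace("EEEE5555", "EEEE9999")


def signer_fingerprints(status_text):
    """Primary-key fingerprints of valid signatures; [] if any signature is bad."""
    valid = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        keyword, args = parts[1], parts[2:]
        if keyword in ("BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG"):
            return []  # one failed or untrustworthy signature rejects the file
        if keyword == "VALIDSIG" and args:
            # Field 10 is the primary key fingerprint when gpg reports it;
            # otherwise fall back to the signing-key fingerprint (field 1).
            valid.append((args[9] if len(args) >= 10 else args[0]).upper())
    return valid


def is_trusted(status_text, pinned=PINNED):
    """True only if there is a valid signature and every signer is pinned."""
    fprs = signer_fingerprints(status_text)
    return bool(fprs) and all(f in pinned for f in fprs)


def verify_file(sig_path, data_path, pinned=PINNED):
    """Run gpg on a detached signature, then apply the pinned-fingerprint check."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and is_trusted(proc.stdout, pinned)
```

gpg reports the look-alike signature as cryptographically valid; only the comparison against the locally pinned fingerprint rejects it.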
