[Haskell-cafe] Offer to mirror Hackage
markus.l2ll at gmail.com
Thu Dec 9 22:59:27 CET 2010
On Thu, Dec 9, 2010 at 11:04 PM, Richard O'Keefe <ok at cs.otago.ac.nz> wrote:
> On 10/12/2010, at 12:18 AM, Markus Läll wrote:
> > My take on the issue is that we should make it possible to easily mirror
> hackage (what the OP asked for), so that people could use it when they
> wanted to, and have a list of the mirrors on the wiki. This way those who
> are interested can use them. Like when the mirror is faster/closer to them
> or to help out when hackage is temporarily down. Those who need the security
> can choose not to use mirrors, or make their own (private), or develop a
> secure scheme, when it doesn't exist yet.
> Have I misunderstood something?
> I thought "X is a mirror of Y" meant X would be a read-only replica of Y,
> with some sort of protocol between X and Y to keep X up to date.
> As long as the material from Y replicated at X is *supposed* to be
> publicly available, I don't see a security problem here. Only Y accepts
> updates from outside, and it continues to do whatever authentication it
> would do without a mirror. The mirror X would *not* accept updates.
Yes, that's what I think of mirrors too. I don't know if that was what you
meant, but yes those mirrors would be just passive copies of the real
hackage server (no updates from a user), and serve as a place to download
packages from until the original hackage comes back.
But for the security issue, ofcourse any host of a mirror could abuse that.
But I think for non-critical stuff I wouldn't mind using the mirror if it
has shown to be trustworthy. And for people using Haskell a lot, if the
making of your own mirror is as simple as installing some package on your
webserver and running it, then this would be a great remedy against those
hours when something has happened to hackage..
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Haskell-Cafe