[Haskell-cafe] Offer to mirror Hackage

[Markus Läll]

On Thu, Dec 9, 2010 at 11:04 PM, Richard O'Keefe <ok at cs.otago.ac.nz> wrote:

>
> On 10/12/2010, at 12:18 AM, Markus Läll wrote:
>
> > My take on the issue is that we should make it possible to easily mirror
> hackage (what the OP asked for), so that people could use it when they
> wanted to, and have a list of the mirrors on the wiki. This way those who
> are interested can use them. Like when the mirror is faster/closer to them
> or to help out when hackage is temporarily down. Those who need the security
> can choose not to use mirrors, or make their own (private), or develop a
> secure scheme, when it doesn't exist yet.
>
> Have I misunderstood something?
> I thought "X is a mirror of Y" meant X would be a read-only replica of Y,
> with some sort of protocol between X and Y to keep X up to date.
> As long as the material from Y replicated at X is *supposed* to be
> publicly available, I don't see a security problem here.  Only Y accepts
> updates from outside, and it continues to do whatever authentication it
> would do without a mirror.  The mirror X would *not* accept updates.
>
>
Yes, that's what I think of mirrors too. I don't know if that was what you
meant, but yes those mirrors would be just passive copies of the real
hackage server (no updates from a user), and serve as a place to download
packages from until the original hackage comes back.

But for the security issue, ofcourse any host of a mirror could abuse that.
But I think for non-critical stuff I wouldn't mind using the mirror if it
has shown to be trustworthy. And for people  using Haskell a lot, if the
making of your own mirror is as simple as installing some package on your
webserver and running it, then this would be a great remedy against those
hours when something has happened to hackage..

--
Markus Läll
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20101209/d921ac10/attachment.htm>