[Haskell-cafe] Offer to mirror Hackage
wren ng thornton
wren at freegeek.org
Sat Dec 11 12:28:45 CET 2010
On 12/11/10 5:59 AM, wren ng thornton wrote:
> On 12/9/10 4:04 PM, Richard O'Keefe wrote:
>> As long as the material from Y replicated at X is *supposed* to be
>> publicly available, I don't see a security problem here. Only Y accepts
>> updates from outside, and it continues to do whatever authentication it
>> would do without a mirror. The mirror X would *not* accept updates.
> The security issue is how does a client, C, know to trust X (maybe X is
> evil) or know to trust the transmission of data from Y to X (maybe a man
> in the middle corrupted things and X has become a confused deputy), etc.
P.S., X can't really be a "confused deputy" here since X has no special
privileges, rather X would become more of a confused librarian:
y'know, the kindly old but somewhat senile librarian who occasionally
mistakes your requests (like that time they gave you Cujo when you asked
for a book on the care and feeding of pets, or the time they gave you
some writings by the Marquis de Sade when you were doing research for
your anatomy class).
The implicit trust C has for X usually isn't counted as a
"privilege" in the security world.