<div class="gmail_quote">On Thu, Dec 9, 2010 at 11:04 PM, Richard O'Keefe <span dir="ltr"><<a href="mailto:ok@cs.otago.ac.nz">ok@cs.otago.ac.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><br>
On 10/12/2010, at 12:18 AM, Markus Läll wrote:<br>
<br>
> My take on the issue is that we should make it possible to easily mirror hackage (what the OP asked for), so that people could use it when they wanted to, and have a list of the mirrors on the wiki. This way those who are interested can use them. Like when the mirror is faster/closer to them or to help out when hackage is temporarily down. Those who need the security can choose not to use mirrors, or make their own (private), or develop a secure scheme, when it doesn't exist yet.<br>
<br>
</div>Have I misunderstood something?<br>
I thought "X is a mirror of Y" meant X would be a read-only replica of Y,<br>
with some sort of protocol between X and Y to keep X up to date.<br>
As long as the material from Y replicated at X is *supposed* to be<br>
publicly available, I don't see a security problem here. Only Y accepts<br>
updates from outside, and it continues to do whatever authentication it<br>
would do without a mirror. The mirror X would *not* accept updates.<br>
<br>
</blockquote></div><br><div>Yes, that's what I think of mirrors too. I don't know if that was what you meant, but yes those mirrors would be just passive copies of the real hackage server (no updates from a user), and serve as a place to download packages from until the original hackage comes back.</div>
<div><br></div><div>But for the security issue, ofcourse any host of a mirror could abuse that. But I think for non-critical stuff I wouldn't mind using the mirror if it has shown to be trustworthy. And for people using Haskell a lot, if the making of your own mirror is as simple as installing some package on your webserver and running it, then this would be a great remedy against those hours when something has happened to hackage..</div>
<div><br></div><div>--</div><div>Markus Läll</div>