From owner-freebsd-pkg@FreeBSD.ORG Fri May 30 09:25:48 2014 Return-Path: Delivered-To: freebsd-pkg@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0F2DF78C for ; Fri, 30 May 2014 09:25:48 +0000 (UTC) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "ca.infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id ADEE121E1 for ; Fri, 30 May 2014 09:25:47 +0000 (UTC) Received: from ox-dell39.ox.adestra.com (no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged)) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.8/8.14.8) with ESMTP id s4U9PY6X050321 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Fri, 30 May 2014 10:25:40 +0100 (BST) (envelope-from matthew@freebsd.org) Authentication-Results: lucid-nonsense.infracaninophile.co.uk; dmarc=none header.from=freebsd.org DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk s4U9PY6X050321 Authentication-Results: smtp.infracaninophile.co.uk/s4U9PY6X050321; dkim=none reason="no signature"; dkim-adsp=none X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged) claimed to be ox-dell39.ox.adestra.com Message-ID: <53884E85.2020206@freebsd.org> Date: Fri, 30 May 2014 10:25:25 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: freebsd-pkg@freebsd.org Subject: Re: Mirroring pkg.freebsd.org? References: In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="g6i2i9p7nsIjr9bwnJ8BkxulJGqc2Xd98" X-Virus-Scanned: clamav-milter 0.98.3 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_00,RDNS_NONE, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-pkg@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Binary package management and package tools discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 May 2014 09:25:48 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --g6i2i9p7nsIjr9bwnJ8BkxulJGqc2Xd98 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 05/29/14 19:54, Rick Miller wrote: > I found a message in the archives[1] from march 2014 that mentions opti= ons > for mirroring pkg.freebsd.org were being experimented with. It goes on= to > say a communique would be issued "soon" on a viable way to accomplish t= his. > I'm wondering how far off this might be? >=20 > [1] http://lists.freebsd.org/pipermail/freebsd-pkg/2014-March/000253.ht= ml As far as I know, there are no official pkg mirrors in Asia. Currently there are 4: US East (NYI), US West (ISC), Europe (UK) and Russia. There is, in general, no provision for people to create private mirrors of package repositories. In fact, I believe the general policy is now against that sort of thing. Partly this is down to technological change -- computer hardware capability is so much greater today, and high-bandwidth connectivity with access to the whole world is that much more prevalent, so a smaller number of servers is sufficient. Mostly it's due to security concerns. It would be too easy for someone to trojan a package in a semi-official repository that the FreeBSD project has no real control over. Yes, there are measures including package signing to mitigate against this, but we can't enforce their use by end-users. On the other hand, pkg.freebsd.org just uses plain HTTP for network communications and it's quite friendly towards being accessed through a proxy-cache setup. Cheers, Matthew --g6i2i9p7nsIjr9bwnJ8BkxulJGqc2Xd98 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTiE6MXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnPowQAId92jjJACrfESIGIS9cviAK w5KFzpr9uC0WrpU0XANGvMksqmUVxe/w5HYkgeMl1+rRy2T6j8giDI5woxZP1BwY 2wr3hHXaxSXddc//lUL4aDQ9YniS/yZtN7K7jsRPS9AkVkvcsu2XOX5WVmnsRL34 Elqr9figOQyQI7uEJl0UolvzZY5ldyO9IIUJXlL6mEJ4PmCilOcsMZuf4I3BbsqD NTO+SwGNyGjUDLZoSJX6JAPQv7k/ZM3LF45gWd9lCVtIZIgEuN7IY3amp1ABM662 sdteRifZp/yvfhwV5wua1Y6JBK0SaeW9/wH9fZpTe3Gk6JkU3HGME9zaS7NonHwJ M/Yi6xfOG6VyPuznnyyn5uyvo1PqWk7mA4uE9m+THYrlpywcUR1qRDluf6O4EpTP bpc17FkNeaS05mmeJMM8o5fqDxd1cJfQBJIW4XTNYitj39OQbIQne9OVhIj6RM/G A9QjrNpLgCN1n1xKGuI0k3tVLDF4yw1Sp0JEV1Jyn2VzGkA//Km7S8B7KW85rzDy XC1Fx0tERbDyIMatOA2B6+meQP9FUaXOrAS1aUBZTapX3t8TY93dRWLLQQxV5YPf vwkI5Juy68izJOfDFF3ciHRvGzxv/z+lgLv9vIZ1cYNruxMqBqVXTCHoivWB3RIh XOMzw4fxPirz9NBqsvTl =v/AP -----END PGP SIGNATURE----- --g6i2i9p7nsIjr9bwnJ8BkxulJGqc2Xd98--