Date: Fri, 30 May 2014 10:25:25 +0100 From: Matthew Seaman <matthew@freebsd.org> To: freebsd-pkg@freebsd.org Subject: Re: Mirroring pkg.freebsd.org? Message-ID: <53884E85.2020206@freebsd.org> In-Reply-To: <CAHzLAVH0aTMRJDqPQgAddXv3Kh9-aXJmMnU1EAkEuZpuNfyzoQ@mail.gmail.com> References: <CAHzLAVH0aTMRJDqPQgAddXv3Kh9-aXJmMnU1EAkEuZpuNfyzoQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --g6i2i9p7nsIjr9bwnJ8BkxulJGqc2Xd98 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 05/29/14 19:54, Rick Miller wrote: > I found a message in the archives[1] from march 2014 that mentions opti= ons > for mirroring pkg.freebsd.org were being experimented with. It goes on= to > say a communique would be issued "soon" on a viable way to accomplish t= his. > I'm wondering how far off this might be? >=20 > [1] http://lists.freebsd.org/pipermail/freebsd-pkg/2014-March/000253.ht= ml As far as I know, there are no official pkg mirrors in Asia. Currently there are 4: US East (NYI), US West (ISC), Europe (UK) and Russia. There is, in general, no provision for people to create private mirrors of package repositories. In fact, I believe the general policy is now against that sort of thing. Partly this is down to technological change -- computer hardware capability is so much greater today, and high-bandwidth connectivity with access to the whole world is that much more prevalent, so a smaller number of servers is sufficient. Mostly it's due to security concerns. It would be too easy for someone to trojan a package in a semi-official repository that the FreeBSD project has no real control over. Yes, there are measures including package signing to mitigate against this, but we can't enforce their use by end-users. On the other hand, pkg.freebsd.org just uses plain HTTP for network communications and it's quite friendly towards being accessed through a proxy-cache setup. Cheers, Matthew --g6i2i9p7nsIjr9bwnJ8BkxulJGqc2Xd98 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTiE6MXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnPowQAId92jjJACrfESIGIS9cviAK w5KFzpr9uC0WrpU0XANGvMksqmUVxe/w5HYkgeMl1+rRy2T6j8giDI5woxZP1BwY 2wr3hHXaxSXddc//lUL4aDQ9YniS/yZtN7K7jsRPS9AkVkvcsu2XOX5WVmnsRL34 Elqr9figOQyQI7uEJl0UolvzZY5ldyO9IIUJXlL6mEJ4PmCilOcsMZuf4I3BbsqD NTO+SwGNyGjUDLZoSJX6JAPQv7k/ZM3LF45gWd9lCVtIZIgEuN7IY3amp1ABM662 sdteRifZp/yvfhwV5wua1Y6JBK0SaeW9/wH9fZpTe3Gk6JkU3HGME9zaS7NonHwJ M/Yi6xfOG6VyPuznnyyn5uyvo1PqWk7mA4uE9m+THYrlpywcUR1qRDluf6O4EpTP bpc17FkNeaS05mmeJMM8o5fqDxd1cJfQBJIW4XTNYitj39OQbIQne9OVhIj6RM/G A9QjrNpLgCN1n1xKGuI0k3tVLDF4yw1Sp0JEV1Jyn2VzGkA//Km7S8B7KW85rzDy XC1Fx0tERbDyIMatOA2B6+meQP9FUaXOrAS1aUBZTapX3t8TY93dRWLLQQxV5YPf vwkI5Juy68izJOfDFF3ciHRvGzxv/z+lgLv9vIZ1cYNruxMqBqVXTCHoivWB3RIh XOMzw4fxPirz9NBqsvTl =v/AP -----END PGP SIGNATURE----- --g6i2i9p7nsIjr9bwnJ8BkxulJGqc2Xd98--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53884E85.2020206>