[Haskell-cafe] Offer to mirror Hackage
wren ng thornton
wren at freegeek.org
Sat Dec 11 12:28:45 CET 2010

On 12/11/10 5:59 AM, wren ng thornton wrote:
> On 12/9/10 4:04 PM, Richard O'Keefe wrote:
>> As long as the material from Y replicated at X is *supposed* to be
>> publicly available, I don't see a security problem here. Only Y accepts
>> updates from outside, and it continues to do whatever authentication it
>> would do without a mirror. The mirror X would *not* accept updates.
>
> The security issue is how does a client, C, know to trust X (maybe X is
> evil) or know to trust the transmission of data from Y to X (maybe a man
> in the middle corrupted things and X has become a confused deputy), etc.

P.S., X can't really be a "confused deputy" here since X has no special
privileges[1], rather X would become more of a confused librarian:
y'know, the kindly old but somewhat senile librarian who occasionally
mistakes your requests (like that time they gave you Cujo when you asked
for a book on the care and feeding of pets, or the time they gave you
some writings by the Marquis de Sade when you were doing research for
your anatomy class).

[1] The implicit trust C has for X usually isn't counted as a
"privilege" in the security world.
--
Live well,
~wren