[Haskell-cafe] Offer to mirror Hackage

Richard O'Keefe ok at cs.otago.ac.nz
Fri Dec 10 03:13:19 CET 2010

On 10/12/2010, at 10:50 AM, Riad S. Wahby wrote:

> Richard O'Keefe <ok at cs.otago.ac.nz> wrote:
>> I thought "X is a mirror of Y" meant X would be a read-only replica of Y,
>> with some sort of protocol between X and Y to keep X up to date.
>> As long as the material from Y replicated at X is *supposed* to be
>> publicly available, I don't see a security problem here.  Only Y accepts
>> updates from outside, and it continues to do whatever authentication it
>> would do without a mirror.  The mirror X would *not* accept updates.
> At the very least, this assumes that you trust all the mirror operators.
> Sure, I'm trustworthy, but how about those other guys? >:)

See the words "some sort of protocol between X and Y"?

This means that Y has to be authenticated to X and X to Y and they
use some sort of encryption scheme that prevents man-in-the-middle

Right now, of course, nothing whatever stops someone building a 'robot'
at X to visit Y periodically and update X; the missing piece is any
kind of accreditation at Y.

More information about the Haskell-Cafe mailing list