[Haskell-cafe] Offer to mirror Hackage

wren ng thornton wren at freegeek.org
Sat Dec 11 12:28:45 CET 2010

On 12/11/10 5:59 AM, wren ng thornton wrote:
> On 12/9/10 4:04 PM, Richard O'Keefe wrote:
>> As long as the material from Y replicated at X is *supposed* to be
>> publicly available, I don't see a security problem here. Only Y accepts
>> updates from outside, and it continues to do whatever authentication it
>> would do without a mirror. The mirror X would *not* accept updates.
> The security issue is how does a client, C, know to trust X (maybe X is
> evil) or know to trust the transmission of data from Y to X (maybe a man
> in the middle corrupted things and X has become a confused deputy), etc.

P.S., X can't really be a "confused deputy" here since X has no special 
privileges[1], rather X would become more of a confused librarian: 
y'know, the kindly old but somewhat senile librarian who occasionally 
mistakes your requests (like that time they gave you Cujo when you asked 
for a book on the care and feeding of pets, or the time they gave you 
some writings by the Marquis de Sade when you were doing research for 
your anatomy class).

[1] The implicit trust C has for X usually isn't counted as a 
"privilege" in the security world.

Live well,

More information about the Haskell-Cafe mailing list