On Wed, Oct 21, 2009 at 09:27:15PM +0300, Gokdeniz Karadag wrote:
> FYI, that file had been there since I started mirroring gentoo ~1.5 years ago.
> There is no read permission, as a result it does not become public, but gives
> annoying message at every sync. I just --excluded that file to get rid of the
> error message.
The file is meant to go out to your mirrors, and give a 403 when anybody
tries to access it. darkside (our new mirroradmin) is working on
updating the checker scripts to make sure it exists and returns an error
on your mirrors.

It's got the same permissions that we use for staging content.

Specifically
1. Place content on mirror, with permissions to distribute TO mirror
   only. Permissions on files is 0600, dirs 0700, user/group =
   rsync:root.
2. Wait for content to hit mirrors.
3. Change permissions to 0644 / 0755.

Additionally, you run your rsync fetch as root or rsync, and you serve
the files as some unprivileged uid (NOT user=rsync).

The OSU mirror that feeds all of your mirrors was supposed to be
explicitly configured that you could fetch from it always, but it seems
that is broken.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@g.o
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85