| 1 |
On Friday 12 November 2004 09:02 am, Dan Margolis wrote: |
| 2 |
> Klaus Wagner wrote: |
| 3 |
> > I think if the rsync mirrors are too stressed for signation, they would |
| 4 |
> > be too stressed for rsync too, allthough rsync could be tunneled too. |
| 5 |
> |
| 6 |
> One of the suggestions we were kicking around was to use Stunnel to |
| 7 |
> encrypt rsync over SSL. This, of course, fails to be as encompassing as |
| 8 |
> the Final Solution involving GPG, but is suitable as a stopgap. We |
| 9 |
> rejected it because of concern about server load on the mirrors, |
| 10 |
> actually, since SSL does introduce some significant CPU overhead. |
| 11 |
|
| 12 |
wouldn't public-key rsync over ssh be a lower CPU load option than rsync over |
| 13 |
SSL? This option would also be suitable as a 'secure rsync' method for |
| 14 |
remote users, if you wanted to push it out that far. I can see how CPU load |
| 15 |
for remote users to tunnel rsync over SSL or ssh, but the connection between |
| 16 |
the Gentoo rsync master and the mirrors could be secured this way. |
| 17 |
|
| 18 |
Regards, |
| 19 |
|
| 20 |
- Brian |
| 21 |
|
| 22 |
-- |
| 23 |
gentoo-security@g.o mailing list |
Archives