1 |
On Friday 12 November 2004 09:02 am, Dan Margolis wrote: |
2 |
> Klaus Wagner wrote: |
3 |
> > I think if the rsync mirrors are too stressed for signation, they would |
4 |
> > be too stressed for rsync too, allthough rsync could be tunneled too. |
5 |
> |
6 |
> One of the suggestions we were kicking around was to use Stunnel to |
7 |
> encrypt rsync over SSL. This, of course, fails to be as encompassing as |
8 |
> the Final Solution involving GPG, but is suitable as a stopgap. We |
9 |
> rejected it because of concern about server load on the mirrors, |
10 |
> actually, since SSL does introduce some significant CPU overhead. |
11 |
|
12 |
wouldn't public-key rsync over ssh be a lower CPU load option than rsync over |
13 |
SSL? This option would also be suitable as a 'secure rsync' method for |
14 |
remote users, if you wanted to push it out that far. I can see how CPU load |
15 |
for remote users to tunnel rsync over SSL or ssh, but the connection between |
16 |
the Gentoo rsync master and the mirrors could be secured this way. |
17 |
|
18 |
Regards, |
19 |
|
20 |
- Brian |
21 |
|
22 |
-- |
23 |
gentoo-security@g.o mailing list |