| 1 |
as opposed to Stunnel , won't a simple 'rsync -e ssh' suffice? |
| 2 |
those who want to can use ssh, others can use the default, rsh |
| 3 |
<shudders> |
| 4 |
or, if you start the server with one, will it not respond to the other? |
| 5 |
|
| 6 |
james |
| 7 |
|
| 8 |
On Nov 12, 2004, at 8:08 AM, Paul de Vrieze wrote: |
| 9 |
|
| 10 |
> On Friday 12 November 2004 13:54, dante@×××××××××××××××.net wrote: |
| 11 |
>> The recent discussion on how to protect the portage tree from |
| 12 |
>> man-in-the-middle attacks has concentrated on signing either the |
| 13 |
>> portage tarball or the individual files in the tree. |
| 14 |
>> |
| 15 |
>> What about approaching the problem the way OpenBSD deals with its |
| 16 |
>> ports, that is with cvs over an ssh tunnel to authorized mirrors. The |
| 17 |
>> only drawback I see is that many gentoo users use rsync, but the cvs |
| 18 |
>> approach could be added on top of what already exists and security |
| 19 |
>> conscious users will then have the option of switching. |
| 20 |
> |
| 21 |
> In the early days, gentoo did actually offer anonymous cvs. It was |
| 22 |
> quickly |
| 23 |
> removed as putting a too big load on the servers. I don't know whether |
| 24 |
> we |
| 25 |
> can devise a way in which we can offer an acceptable level of anon cvs. |
| 26 |
> In between I do think that we might want to set up secure rsync (ssh or |
| 27 |
> stunnel) at least from the master rsync mirror to the normal mirrors, |
| 28 |
> and |
| 29 |
> maybe even allow normal users to use "secure rsync". Setting up ssl |
| 30 |
> rsync |
| 31 |
> should not be hard, allthough rsync does not by itself support it out |
| 32 |
> of |
| 33 |
> the box. Stunnel should be able to offer it. |
| 34 |
> |
| 35 |
> Paul |
| 36 |
> |
| 37 |
> -- |
| 38 |
> Paul de Vrieze |
| 39 |
> Gentoo Developer |
| 40 |
> Mail: pauldv@g.o |
| 41 |
> Homepage: http://www.devrieze.net |
| 42 |
|
| 43 |
|
| 44 |
-- |
| 45 |
gentoo-security@g.o mailing list |
Archives