as opposed to Stunnel, won't a simple 'rsync -e ssh' suffice?
those who want to can use ssh, others can use the default, rsh
<shudders>
or, if you start the server with one, will it not respond to the other?

james

On Nov 12, 2004, at 8:08 AM, Paul de Vrieze wrote:

> On Friday 12 November 2004 13:54, dante@×××××××××××××××.net wrote:
>> The recent discussion on how to protect the portage tree from
>> man-in-the-middle attacks has concentrated on signing either the
>> portage tarball or the individual files in the tree.
>>
>> What about approaching the problem the way OpenBSD deals with its
>> ports, that is with cvs over an ssh tunnel to authorized mirrors. The
>> only drawback I see is that many gentoo users use rsync, but the cvs
>> approach could be added on top of what already exists and security
>> conscious users will then have the option of switching.
>
> In the early days, gentoo did actually offer anonymous cvs. It was quickly
> removed as putting a too big load on the servers. I don't know whether we
> can devise a way in which we can offer an acceptable level of anon cvs.
> In between I do think that we might want to set up secure rsync (ssh or
> stunnel) at least from the master rsync mirror to the normal mirrors, and
> maybe even allow normal users to use "secure rsync". Setting up ssl rsync
> should not be hard, although rsync does not by itself support it out of
> the box. Stunnel should be able to offer it.
>
> Paul
>
> --
> Paul de Vrieze
> Gentoo Developer
> Mail: pauldv@g.o
> Homepage: http://www.devrieze.net

--
gentoo-security@g.o mailing list
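
The stunnel arrangement mentioned in the quoted reply, sketched as an added example that is not part of the original thread or of any Gentoo configuration. It uses stunnel 5.x option names; the host name, ports and file paths are assumptions chosen for illustration.

```ini
; ===== File 1: mirror side, e.g. /etc/stunnel/rsync-server.conf (hypothetical path) =====
; Terminates TLS and forwards the cleartext stream to the local rsync daemon.
[rsync-tls]
; 874 is an assumed port for the TLS listener; 873 is the standard rsync daemon port.
accept = 874
connect = 127.0.0.1:873
; Hypothetical certificate and key for the mirror.
cert = /etc/stunnel/mirror-cert.pem
key = /etc/stunnel/mirror-key.pem

; ===== File 2: user side, e.g. /etc/stunnel/rsync-client.conf (hypothetical path) =====
; Listens on loopback only and wraps outgoing rsync traffic in TLS.
[rsync-tls]
client = yes
accept = 127.0.0.1:8730
; rsync.example.org is a placeholder for the mirror's host name.
connect = rsync.example.org:874
; The three lines below are what address the man-in-the-middle concern.
; By default stunnel does not verify the peer certificate, so a tunnel
; configured without them is encrypted but will accept any server.
CAfile = /etc/stunnel/mirror-ca.pem
verifyChain = yes
checkHost = rsync.example.org
```

With both tunnels running, the user points rsync at the loopback listener, for example `rsync -av rsync://127.0.0.1:8730/gentoo-portage/ /usr/portage/` (module name and destination assumed). The `rsync -e ssh` alternative raised in the reply carries the same requirement in a different form: the mirror's SSH host key has to be checked rather than accepted blindly.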