| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Klaus Wagner wrote: |
| 5 |
> I think if the rsync mirrors are too stressed for signation, they would be |
| 6 |
> too stressed for rsync too, allthough rsync could be tunneled too. |
| 7 |
|
| 8 |
One of the suggestions we were kicking around was to use Stunnel to |
| 9 |
encrypt rsync over SSL. This, of course, fails to be as encompassing as |
| 10 |
the Final Solution involving GPG, but is suitable as a stopgap. We |
| 11 |
rejected it because of concern about server load on the mirrors, |
| 12 |
actually, since SSL does introduce some significant CPU overhead. |
| 13 |
|
| 14 |
Not running the mirrors myself, I can't really give you any figures. But |
| 15 |
GPG signing introduces no CPU load and minimal extra amounts of data, so |
| 16 |
is, from the infrastructure standpoint, the least likely to cause things |
| 17 |
to fall over. |
| 18 |
- -- |
| 19 |
Dan "KrispyKringle" Margolis |
| 20 |
Security Coordinator/Audit Project, Gentoo Linux |
| 21 |
-----BEGIN PGP SIGNATURE----- |
| 22 |
Version: GnuPG v1.2.4 (Darwin) |
| 23 |
|
| 24 |
iQEVAwUBQZTQgbDO2aFJ9pv2AQIrcQf/cLcB1Eu/HgsxLnXNTPsc1NyWJ2cQVT+w |
| 25 |
uCXw3xMwmaKhZFxG/W3ow6r8h+DPV3Cs69s+UjUiwA4TAGQejo/UaQuq1a8i3ZJp |
| 26 |
WLFyg+M4wkrIO0Op26EIOPF5bofVbdL3LoK2PaGqWHTIoy6KGawBda3PBt0LpCKm |
| 27 |
SFi9Y+hwPiiQkzfDrLlMcMem7vBOvIw4MrqZvqA12GLu9kQ9bu4it94RnlbsHWc1 |
| 28 |
1R7Yicc42L15GBKwenngKTlsHfTpUGcUBTaRVKL2OhoywTlq2Wwg6GYXkqbgvI5h |
| 29 |
z9DVTdM05BhK1GJ60j7fDLv47l/H/NCmupp3k/GXcjfyFOVpUu5Weg== |
| 30 |
=c+h1 |
| 31 |
-----END PGP SIGNATURE----- |
| 32 |
|
| 33 |
-- |
| 34 |
gentoo-security@g.o mailing list |
Archives