On 25 July 2008, Mike McGrath wrote: > On Fri, 25 Jul 2008, Mike McGrath wrote: > > > On Fri, 25 Jul 2008, Josh Bressers wrote: > > > > > On 21 July 2008, Josh Bressers wrote: > > > > On 19 July 2008, "Justin Cappos" wrote: > > > > > > > > > > By the way, did you remove the ability for mirror admins to select a > > > > > subnet where they'll serve all of the traffic? We're particularly > > > > > concerned about this issue in the short term. We took our mirror > > > > > down (mirror1.lockdownhosting.com) quite a while ago so we can't check > > > > > for ourselves. > > > > > > > > > > > AFAIK, this service is still in place and working fine. Though I am a > little confused about the question. It sounds like you'd like to direct > all subnet traffic to a specific mirror. But you're also saying you took > your mirror down. Are you worried people in your subnet are being > directed to a down mirror? > No, the problem is what happens when a malicious mirror claims a subnet? This is currently being viewed as a security issue due to this research: http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html -- JB _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
