On Fri, Jul 25, 2008 at 12:46:15PM -0400, Josh Bressers wrote: > On 25 July 2008, Matt Domsch wrote: > > > > Yes, this is a known challenge with subnet delegation in > > MirrorManager. We're trusting package signing (and soon, repodata > > signing) to prevent rogue mirrors from issuing unsigned data. In > > addition, I'm working on adding in a way to prevent stale mirrors > > (with signed content) from being used. > > > > How does one get this subnet delegation though? Can I request any subnet I > want, or do we do some sort of verification? At present there is no verification (I'm not at all sure how one _could_ verify except by ARIN & co delegation). However there are limits as to how large a block can be requested. Nothing larger than a IPv4 /16 can be automatically requested. Fedora Infrastructure admins can add larger blocks, and request ARIN & co data when doing so. > What happens if the client decided its mirror is bad, I presume it will go > off and find a better one, even with delegation? Yes, the mirrorlist returned includes quite a few mirrors, in priority order. -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
