On Mon, Jul 28, 2008 at 5:29 PM, seth vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote: > On Mon, 2008-07-28 at 17:28 -0400, Mike McLean wrote: >> Would it be feasible to audit the mirror content? We have the list of >> mirrors, we know what the content should be. I think we'd only need to >> validate the mirrored repomd.xml, right? Doesn't seem to onerous... >> >> yes, yes, not perfect, malicious mirror could change the content, etc, >> but at least we'd have some measure of detection. > > which is the point. A malicious mirror could safely lie to us and not > lie to their targets. Depends on who 'us' is. We could run such checks from a number of different locations. Anyway, I didn't mean to suggest this as a total solution. > Additionally, mirrormanager DOES check the mirrors. Good to know. _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
