Subject: Re: ..and use mirrors! (was Re: current anoncvs machine needs a ticket to the moon)
To: matthew sporleder <msporleder@gmail.com>
From: Stefan Schumacher <stefan@net-tex.de>
List: current-users
Date: 06/15/2005 00:10:22

Thus spoke S.P.Zeidler (spz@serpens.de)
> All cvs mirrors by necessity use rsync to update their repositories, since
> they need all the version diffs (i.e. the ,v files).
> If one built a staggered mirror network one should take into account both
> connectivity of the potential high stratum mirrors to the master site and
> connectivity to 'neighborly' mirrors, as well as stability of the mirror
> server and reactivity of the mirror admin. :)
> In order to make for fast updates it should be a push and not a pull model
> btw, but many mirror admins will balk at that suggestion.


With rsync, a push model should be buildable.
If we really get some reliable mirrors, they could create a user that
is able to login via SSH to tunnel rsync.

A simple shell script on the master server could be triggered by cron
or an incident to rsync with the level 2 servers.


Those level 2 servers could use a sshd running on a port > 1024
exclusively for the NetBSD cvs-sync user by permitting only that user and
filtering IP source. Additionally, there is a shell for scp/sftp
access-only available in pkgsrc, I guess this should work with rsync
too, disallowing the rsync-user to login getting a "real" shell, if
the master gets penetrated.

-- 
PGP FPR: CF74 D5F2 4871 3E5C FFFE 0130 11F4 C41E B3FB AE33
-- 
/h[a4@] (([c<] ((k)|(|<)))|((k)|(\|<))|(x)\s+\
((d)/([t\+]h)[3ea4@]\s+p[ll][a4@]n[3e][t\+]/i
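
The restricted sync account described in the message above could be enforced with an SSH forced command that accepts only an rsync receive into one directory. This is an added example, not part of the original post; the wrapper path, destination directory, source address and allowed long options are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the mirror-side sync account.
# Hypothetical authorized_keys entry on the level 2 server (constructed values,
# written as one line in the real file):
#   command="/usr/local/libexec/cvs-sync-wrapper",from="192.0.2.10",no-pty,
#   no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...
DEST="/mirror/cvsroot/"           # assumed: the only path the master may write
LONG_OK="--delete --numeric-ids"  # assumed: long options the cron job passes

# Succeeds only for "rsync --server <options> . $DEST" in receive mode.
check_rsync_cmd() {
    set -f          # no globbing while the string is split
    set -- $1       # split the client-supplied command on whitespace
    set +f
    [ "$#" -ge 4 ] || return 1
    [ "$1" = "rsync" ] || return 1
    [ "$2" = "--server" ] || return 1
    shift 2
    while [ "$#" -gt 2 ]; do
        case $1 in
            --sender) return 1 ;;   # a pull: the account would serve files out
            --*) case " $LONG_OK " in *" $1 "*) ;; *) return 1 ;; esac ;;
            -?*) case ${1#-} in *[!A-Za-z.]*) return 1 ;; esac ;;
            *) return 1 ;;
        esac
        shift
    done
    [ "$1" = "." ] && [ "$2" = "$DEST" ]
}

# sshd puts the client's request in SSH_ORIGINAL_COMMAND. A plain login sets
# nothing, so the wrapper just ends and no shell is ever started.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_rsync_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "cvs-sync: rejected command" >&2
    exit 1
fi
```

Because every token is checked before the exec, a stolen master key can overwrite the mirror's copy of the repository but cannot start a shell, read files back out, or write elsewhere on the mirror.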
