Subject: Re: ..and use mirrors! (was Re: current anoncvs machine needs a ticket to the moon)
To: matthew sporleder <firstname.lastname@example.org>
From: Stefan Schumacher <email@example.com>
Date: 06/15/2005 00:10:22
Content-Type: text/plain; charset=iso-8859-15
Thus spoke S.P.Zeidler (firstname.lastname@example.org)
> All cvs mirrors by necessity use rsync to update their repositories, since
> they need all the version diffs (i.e. the ,v files).
> If one built a staggered mirror network one should take into account both
> connectivity of the potential high stratum mirrors to the master site and
> connectivity to 'neighborly' mirrors, as well as stability of the mirror
> server and reactivity of the mirror admin. :)
> In order to make for fast updates it should be a push and not a pull model
> btw, but many mirror admins will balk at that suggestion.
With rsync, a push model should be buildable.
If we really get some reliable mirrors, they could create a user that
is able to log in via SSH to tunnel rsync.
A simple shell script on the master server could be triggered by cron
or an incident to rsync with the level 2 servers.
Those level 2 servers could use an sshd running on a port > 1024
exclusively for the NetBSD cvs-sync user by permitting only that user and
filtering by source IP. Additionally, there is a shell for scp/sftp-only
access available in pkgsrc; I guess this should work with rsync
too, preventing the rsync user from logging in and getting a "real" shell if
the master gets penetrated.
PGP FPR: CF74 D5F2 4871 3E5C FFFE 0130 11F4 C41E B3FB AE33
/h[a4@] (([c<] ((k)|(|<)))|((k)|(\|<))|(x)\s+\
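
The push setup sketched in this message, as an added example that is not part of the original mail: a forced-command wrapper for the mirror-side account that accepts only an rsync receive into one directory, so a compromised master gets neither a shell nor a read of other paths. The account name `cvs-sync`, port 2222, the address, the path `/cvsroot/` and the script location are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the sync account on a level 2 mirror.
# Assumed authorized_keys entry (address, script path and key are placeholders):
#   from="192.0.2.10",command="/usr/local/libexec/rsync-push-only",restrict ssh-ed25519 AAAA... master
# Assumed sshd_config of the dedicated daemon: "Port 2222", "AllowUsers cvs-sync".

ALLOWED_DIR="/cvsroot/"   # hypothetical repository path on the mirror

# Return 0 only for an rsync server-side receive into ALLOWED_DIR.
check_rsync_cmd() {
    cmd=$1
    # Whitelist characters, so no shell metacharacter or glob survives.
    case $cmd in
        *[!A-Za-z0-9" "._/-]*) return 1 ;;
    esac
    set -f; set -- $cmd; set +f        # split into words without globbing
    [ "$1" = "rsync" ] && [ "$2" = "--server" ] || return 1
    shift 2
    paths=
    for arg in "$@"; do
        case $arg in
            --delete) ;;               # the only long option accepted
            --*|-*/*) return 1 ;;      # --sender (a pull) and path-valued options
            -*) ;;                     # short option cluster sent by the client
            *) paths="$paths $arg" ;;  # positional arguments
        esac
    done
    [ "$paths" = " . $ALLOWED_DIR" ]   # exactly "." plus the one allowed target
}

# sshd passes the client's request in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_rsync_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND     # validated, run without a shell
    fi
    echo "cvs-sync: request refused" >&2
    exit 1
fi
```

On the master, the matching cron job would be an ordinary `rsync -a --delete -e "ssh -p 2222" /cvsroot/ cvs-sync@mirror:/cvsroot/`, with the mirror host name again a placeholder.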