On Sun, Sep 26, 2010 at 10:31 PM, Ask Bjørn Hansen <a...@perl.org> wrote: > On Sep 26, 2010, at 17:40, David Golden <xda...@gmail.com> wrote: > >> I'm more interested in getting a proper tiering structure in place and a way >> for people to register themselves on a tier. > > Just start with: > > Tier 1 = handpicked mirrors using the instant sync thing; tier 2 = everything > else.
Tier 1 are the handpicked mirrors that Andreas has authorized for fast rsync. Tier 2 is everything syncing from them. Then "Tier X" is everything else that is slow. :-) >> How we syndicate is (a) easy if we just use the old MIRRORED.BY that old >> clients support and (b) half-easy if we have a new way to publish >> information that future >> clients can support. > > For new clients I'd really like if we put the discovery mechanism on a > separate hostname from the regular mirrors (a copy of the files should be on > the mirrors, too). +1 > Related notes: would it make sense to sign the (timestamped) list of mirrors? No. I'd rather avoid signing things since there are easier CPAN attack vectors anyway and checking signatures requires extra, non-core crypto stuff. (Unless you mean stick MD5/SHA1 of the mirror list on an "authoritative" URI somewhere, in which case I have no objections.) -- David
