also saw this link from Attacks on Package Managers, nice mention! http://www.cs.arizona.edu/stork/packagemanagersecurity/faq.html
Q: What about OpenSUSE's download redirector? Does it increase or decrease my security? A: OpenSUSE's download redirector increases the user's security because metadata is served directly by the download redirector. This means that the client gets the metadata from a trusted source (not a mirror). While this doesn't protect against all of the attacks a client may face (such as endless data attacks by mirrors or replay attacks by a man-in-the-middle attacker), it does make it much more difficult for an attacker to successfully impact a client. We strongly recommend that openSUSE users use the download redirector (as is done by default) since it increases their resistance to attack. ---------- Forwarded message ---------- From: Peter Poeml <[email protected]> Date: Fri, Nov 27, 2009 at 7:32 PM Subject: [mirrorbrain-announce] 2.10.3 release To: [email protected] Hi, there goes MirrorBrain 2.10.3. This is a minor bugfix and feature update, and nevertheless the changes are not insignificant. First, there is a new program called 'null-rsync'. http://svn.mirrorbrain.org/viewvc/mirrorbrain/trunk/tools/null-rsync?view=markup It creates a pseudo mirror of a remote file tree, without occupying significant disk space. Use case: running MirrorBrain instances without hosting the file tree locally; and also experimentation and development. This should allow to run MirrorBrain without (real) local files. The scenario hasn't tested yet, but I'd say it looks promising. Then, this release fixes usability issues in the 'mb' tool that could occur when creating new mirrors, when running into DNS intricacies. The change is that the admin is now given a link to in-depth background information. (The link is my posting from earlier today on the mirror mailing list: http://mirrorbrain.org/archive/mirrorbrain/0042.html number 42, you know :-) Finally, some small sorting issues in the generation of mirror lists have been fixed. Details are in the 2.10.3 release notes: http://mirrorbrain.org/docs/changes/#release-2-10-3-r7871-nov-28-2009 Peter _______________________________________________ mirrorbrain-announce mailing list Archive: http://mirrorbrain.org/archive/mirrorbrain-announce/ Note: To remove yourself from this mailing list, send a mail with the content unsubscribe to the address [email protected] -- (( Anthony Bryan ... Metalink [ http://www.metalinker.org ] )) Easier, More Reliable, Self Healing Downloads -- You received this message because you are subscribed to the Google Groups "Metalink Discussion" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/metalink-discussion?hl=en.
