On 2012-09-06, johnw <johnw.m...@gmail.com> wrote: > Sorry, my english is so bad. > anyway, i want to say is ... below > >> pkg_add does support scp for downloading packages, though there aren't any >> mirrors that use it. See pkg_add(1): > > Yes, why those mirrors do not support scp/sftp (package files) > transfer? (loading problem? or?)
pkg_add's "scp" support currently involves the client piping a perl script to the server and running it there. That's not going to happen on an anonymous server with untrusted users, It is possible (easy, even) to modify the script so it can run on the server as a forced command (like is done with anoncvs), basically you just need a copy of the current script, plus a tweak to ignore the script piped to it, but there is little chance of being able to run that on the majority of public mirrors. A bunch of extra CPU use and admin work needed on the mirror, for relatively little benefit. If you're really worried about packages getting intercepted on the way to you, you could always build your own packages. DPB is pretty easy to use, and things build fairly fast on modern hardware.