www-mirrors mailing list archives

From Scott Kveton <kve...@oregonstate.edu>
Subject Re: cvs commit: site/xdocs/dev mirrors.xml
Date Wed, 27 Nov 2002 23:37:20 GMT
> With the point of people relying on binaries, I'm referring to people
> that use up2date from redhat and assume that it will update their apache
> daemon.. It might but it only tags the version as 1.3.22 for instance..
> Or one other case I heard about in there was debian patching up 1.3.9..
> I've had this discussion with Joshua before, but I think if people are
> serious about having a quality mirror they should download the source
> code from apache.org or an apache mirror.. Compile it up and be done
> with it.

I've got to completely disagree with this.

A quality mirror has little or nothing to do with that; as long as
you're not running a version that is vulnerable, how can that matter?
I would also say that by depending on my pre-packaged binaries I'm
actually _more_ secure than most mirrors because I get the updates
automatically (that's not to say all update systems are like that; I
know nothing of the quality of Redhat or Mandrake for instance).

I run a lot of mirrors and move a lot of data with them.  I use proftpd,
Apache and rsync to get it done.  I'm not a master with any of them but
this isn't my primary job; then again, I don't know many full-time
mirror operators.

Just my $0.02,

Scott :-)
