[Typo3-typo3org] Overview of discussions and concepts
Bodo Eichstädt
be at typo3cluster.com
Fri Mar 11 11:01:30 CET 2005
Hello list,
to give a summary:
I. Now we have problems with performance / availibity of the TER.
Mirrors are the solution.
II. Distributing the load mustn't result in less security.
Thought, ideas:
I. How about performance if the load will increasing dramatically ? What
about this sync'ing with more and more mirrors ?
My idea:
Perhaps figure out how we can use some push instead of pull (polling)
and peer-to-peer technics.
a) push versus pull
rsync every 15 mins means no control *when* the mirrors will connect to
ter.typo3.org. How about a "ping" from ter.typo3.org to each mirror as
long as the load is under x.y ? Every new connect increases the load for
some seconds/minutes.
So ter.typo3.org will (hopefully) never be overloaded but there could be
some outdated mirrors.
If ter is down no one will waste energy in trying to connect. If someone
is in doubt if he missed the "ping"he could still try to fetch updates
after an timeout.
b) peer-to-peer:
If there are two mirrors which have the actual update already I could
connect by *random* to one of them to fetch my updates. For example
ter.typo3.org knows all registered mirrors a could publish a list as a
suggestion. Perhaps this list is build dynamically in a way that it
consists only of mirorrs that have *all* actual EXT and updates.
If you are really against this then you could publish an
http://ter.typo3.org/TER-MD5.txt with a checksum over all EXT. This is a
fast and short connect with a few bytes traffic. No change in this file
means no change in TER at all. (HTTP modified since)
II. So, how about the security and/or trust in TER today ?
Short answer:
You must read the code to ensure, that your installation does really
connect to typo3.org instead.
Same as with deb/rpm-packages. Yes, they are MD5-signed. But does your
tool show you the correct hash or is it a fake ?
100% security is never to archive.
If an site-admin injects php-code by TS which redirects to an an
untrustworthy TER I am not reponsible. Can't be.
Even MD5 can give me only a hint because an attacker would change then
code for checking this by:
if($ext == "tx_XYZ") { echo "For your security: MD5 of tx_XYZ is
373834de78ea...."; return "..."; }
So I agree that MD5 is good enough. Distributed as a list as in a static
file Packages.gz from ter.typo3.org directly! But the local checking I
really have to achieve on my own.
Bodo
--
========> Typo3Cluster Ltd. & Co. KG <==================
Schlossallee 26d Tel +49 700 02478828
D-13156 Berlin Fax +49 700 02478828
http://www.typo3cluster.com eMail info at typo3cluster.com
More information about the TYPO3-team-typo3org
mailing list