[Typo3-typo3org] Overview of discussions and concepts

Bodo Eichstädt be at typo3cluster.com
Fri Mar 11 11:01:30 CET 2005


Hello list,

to give a summary:

I. Now we have problems with performance / availability of the TER. 
Mirrors are the solution.
II. Distributing the load mustn't result in less security.

Thoughts, ideas:

I. How about performance if the load increases dramatically? What 
about this sync'ing with more and more mirrors?

My idea:
Perhaps figure out how we can use some push instead of pull (polling) 
and peer-to-peer techniques.


a) push versus pull
rsync every 15 mins means no control *when* the mirrors will connect to 
ter.typo3.org. How about a "ping" from ter.typo3.org to each mirror as 
long as the load is under x.y ? Every new connect increases the load for 
some seconds/minutes.

So ter.typo3.org will (hopefully) never be overloaded but there could be 
some outdated mirrors.
If ter is down no one will waste energy in trying to connect. If someone 
is in doubt if he missed the "ping" he could still try to fetch updates 
after a timeout.

b) peer-to-peer:
If there are two mirrors which have the actual update already I could 
connect by *random* to one of them to fetch my updates. For example 
ter.typo3.org knows all registered mirrors and could publish a list as a 
suggestion. Perhaps this list is built dynamically in a way that it 
consists only of mirrors that have *all* actual EXT and updates.

If you are really against this then you could publish an 
http://ter.typo3.org/TER-MD5.txt with a checksum over all EXT. This is a 
fast and short connect with a few bytes traffic. No change in this file 
means no change in TER at all. (HTTP modified since)


II. So, how about the security and/or trust in TER today ?

Short answer:
You must read the code to ensure that your installation really does 
connect to typo3.org instead.

Same as with deb/rpm-packages. Yes, they are MD5-signed. But does your 
tool show you the correct hash or is it a fake?
100% security can never be achieved.

If a site admin injects PHP code by TS which redirects to an 
untrustworthy TER I am not responsible. Can't be.
Even MD5 can give me only a hint because an attacker would change the 
code for checking this by:

if ($ext == "tx_XYZ") {
    echo "For your security: MD5 of tx_XYZ is 373834de78ea....";
    return "...";
}


So I agree that MD5 is good enough. Distributed as a list as in a static 
file Packages.gz from ter.typo3.org directly! But the local checking I 
really have to achieve on my own.


Bodo


-- 
========> Typo3Cluster Ltd. & Co. KG <==================
Schlossallee 26d             Tel   +49 700 02478828
D-13156 Berlin               Fax   +49 700 02478828
http://www.typo3cluster.com  eMail info at typo3cluster.com 
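
Added example (not part of the original message and not TYPO3 code): a sketch of the two checks proposed above, one checksum over all extensions (the TER-MD5.txt idea) and local verification of files fetched from a mirror against a per-extension list obtained from ter.typo3.org directly. The file names, the manifest line format and the function names are assumptions; MD5 is used because the post proposes it, and the algorithm is a parameter.

```python
import hashlib

def digest(data: bytes, algo: str = "md5") -> str:
    return hashlib.new(algo, data).hexdigest()

def build_manifest(files: dict, algo: str = "md5") -> dict:
    """Per-extension checksum list, as the origin would publish it."""
    return {name: digest(data, algo) for name, data in files.items()}

def repository_digest(manifest: dict, algo: str = "md5") -> str:
    """One checksum over all extensions; same value means nothing to sync."""
    h = hashlib.new(algo)
    for name in sorted(manifest):  # sorted, so the result is order-independent
        h.update(f"{manifest[name]}  {name}\n".encode("utf-8"))
    return h.hexdigest()

def verify_fetched(manifest: dict, fetched: dict, algo: str = "md5") -> dict:
    """Check files obtained from a mirror against the origin's manifest."""
    report = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for name in sorted(manifest):
        if name not in fetched:
            report["missing"].append(name)
        elif digest(fetched[name], algo) == manifest[name]:
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    report["unlisted"] = sorted(set(fetched) - set(manifest))
    return report

# Constructed sample data: file names and contents are made up.
ORIGIN = {
    "tx_alpha_1.0.0.t3x": b"alpha extension payload",
    "tx_beta_2.1.0.t3x": b"beta extension payload",
    "tx_gamma_0.9.3.t3x": b"gamma extension payload",
}
MIRROR = {
    "tx_alpha_1.0.0.t3x": b"alpha extension payload",
    "tx_beta_2.1.0.t3x": b"beta extension payload<?php /* altered */ ?>",
    "tx_delta_1.0.0.t3x": b"not published by the origin",
}

if __name__ == "__main__":
    manifest = build_manifest(ORIGIN)  # the list comes from the origin, not the mirror
    print("repository digest:", repository_digest(manifest))
    for status, names in verify_fetched(manifest, MIRROR).items():
        print(f"{status:9} {names}")
```

The check only means something when the manifest and the code doing the comparison are not supplied by the mirror being checked, which is the point the message makes about local checking.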



