Whitelist extension (was: Re: [Typo3-typo3org] Comments on the mirroring concept)

Robert Lemke robert at typo3.org
Sun Mar 13 13:45:01 CET 2005

On Sunday 13 March 2005 13:29, Juergen Egeling wrote:
> * Robert Lemke <robert at typo3.org> [050312 23:23]:
> > What I aimed for is a very simple thing: After downloading an extension,
> > the EM tries to connect to the master repository / the super mirrors and
> > checks the MD5. If it is okay it does not say anything. If integrety
> > fails, a
> Which will lead to many small hits to the super mirror. Hmm, we should
> think about that. Fact is: People than have to wait for the original EXT
> server plus a connect time to the super mirror.
> Could all be fast, but could lead to problems on slower lines, DNS not
> answering fast enough, etc. pp.

On the other hand we also want to log the downloads of extensions if possible, 
so we can use the request for an md5 to increase the number of downloads for 
that extension.

> I personally think an MD5 in the EXT is fine. To check if the server admins
> are "bad" I would stick to an idea, where we have a few server admins.

We already have a MD5 hash in the t3x files for checking the integrity of the 
t3x file in general.

> Advantage: If we stick to regular FTP mechanisms, we could use the already
> existing infrastructure of some FTP Servers.

But it must be possible at least to use HTTP as well because "setting up" a 
HTTP based mirror is easier for some people who want to provide a mirror.

Robert Lemke
Assessor - TYPO3 Association

More information about the TYPO3-team-typo3org mailing list