develooper Front page | | Postings from February 2015

Re: HTTPS, CPAN, and dist integrity

Thread Previous | Thread Next
Michiel Beijen
February 4, 2015 09:37
Re: HTTPS, CPAN, and dist integrity
Message ID:
Hi Cosimo,

On Wed, Feb 4, 2015 at 10:29 AM, Cosimo Streppone <> wrote:
> On 04. feb. 2015 08:17, Michiel Beijen wrote:
>> Can anyone fill in on the feasibility of directing all cpan cients to
>> *one* site, i.e. ?
> Having multiple mirrors is IMO one of the many things
> that CPAN got right from the start.
> Other similar but centralized package repositories
> have failed (and continue to fail) miserably.
> Why go centralised if the problem is elsewhere?
> CDNs, while being distributed, are managed centrally
> by one entity, who also pays the bandwidth/service cost.

Yeah of course, it should not be one **host** - but it can still be
one URL which leverages a CDN right? Are you saying "CDN, bad,
mirrors, good?

I understand this might mean more bandwidth cost for the one who pays
the bills - therefore I've asked about how we could find out about the
amount of traffic that would be involved.

If bandwidth would be much of a concern it could also be a possibility
to get the checksums for the dists from one source via HTTPS, perform
the download from a mirror and then verify the checksum.


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About