develooper Front page | perl.qa | Postings from February 2015

Re: HTTPS, CPAN, and dist integrity

Thread Previous | Thread Next
From:
Michiel Beijen
Date:
February 4, 2015 09:37
Subject:
Re: HTTPS, CPAN, and dist integrity
Message ID:
CABD0r12M+Z24ZmsG1VsC26MfVWrNX1LJM_A76GRo-cOBMAFTQA@mail.gmail.com
Hi Cosimo,

On Wed, Feb 4, 2015 at 10:29 AM, Cosimo Streppone <cosimo@opera.com> wrote:
> On 04. feb. 2015 08:17, Michiel Beijen wrote:
>
>> Can anyone fill in on the feasibility of directing all cpan cients to
>> *one* site, i.e. https://cpan.metacpan.org/ ?
>
> Having multiple mirrors is IMO one of the many things
> that CPAN got right from the start.
>
> Other similar but centralized package repositories
> have failed (and continue to fail) miserably.
> Why go centralised if the problem is elsewhere?
>
> CDNs, while being distributed, are managed centrally
> by one entity, who also pays the bandwidth/service cost.

Yeah of course, it should not be one **host** - but it can still be
one URL which leverages a CDN right? Are you saying "CDN, bad,
mirrors, good?

I understand this might mean more bandwidth cost for the one who pays
the bills - therefore I've asked about how we could find out about the
amount of traffic that would be involved.

If bandwidth would be much of a concern it could also be a possibility
to get the checksums for the dists from one source via HTTPS, perform
the download from a mirror and then verify the checksum.

--
Michiel

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About