> almost nobody runs it outside of strict trust boundaries.
I guess you can define "strict" however you want, but from what I saw ~10 years ago, most Linux distros handled mirroring with rsync. That's a lot of usage in a pretty core part of the foundational open source ecosystem.
Many distros use rsync for that but also support unencrypted HTTP.
They’re layering on checksums and signing such that they mostly don’t think about the trustworthiness of mirrors or the networks between them.
OK, I agree, that's bad.