FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux General Discussion

 
 
LinkBack Thread Tools
 
Old 07-04-2010, 08:35 PM
Rickard Eriksson
 
Default ftp.gigabit.nu / ftp.archlinux.se shutting down

Cut from the forum where my co-admin first put this up, however it got
closed with reason "trolling"...




This mirror will shut down in the upcoming days.

Few funny facts:

* We never got contacted by anyone before we got added in the official
mirror list. We just posted this thread and all of the sudden it
appeared. No verification of whom we were and what our intension were.


* ArchLinux is fundamentally unscalable in the package manager aspect.

* ArchLinux puts the trust in the hands of every mirror owner and their
security. ftp.archlinux.se is the prime example of a machine vulnerable
to all sorts of things. This affect YOUR security. This is why it's
being put down. If the ArchLinux authors would start signing packages
this would not be a risk to you.


* We posted a suggestion of this in 2006.
http://bugs.archlinux.org/task/5331 -- This is 4 years of insecurity.


* We recommend all of you to switch to a distribution caring about user
security and atleast signs their packages. Most RPM and APT based
distros does this (Ubuntu, Debian, RedHat, CentOS, SuSE, OpenSuSE, etc
etc etc).


Have fun. :-)

Yours,

Mikael & Rickard
 
Old 07-04-2010, 08:48 PM
Nathan Wayde
 
Default ftp.gigabit.nu / ftp.archlinux.se shutting down

On 04/07/10 21:35, Rickard Eriksson wrote:

Cut from the forum where my co-admin first put this up, however it got
closed with reason "trolling"...



This mirror will shut down in the upcoming days.

Few funny facts:

* We never got contacted by anyone before we got added in the official
mirror list. We just posted this thread and all of the sudden it
appeared. No verification of whom we were and what our intension were.

* ArchLinux is fundamentally unscalable in the package manager aspect.

* ArchLinux puts the trust in the hands of every mirror owner and their
security. ftp.archlinux.se is the prime example of a machine vulnerable
to all sorts of things. This affect YOUR security. This is why it's
being put down. If the ArchLinux authors would start signing packages
this would not be a risk to you.

* We posted a suggestion of this in 2006.
http://bugs.archlinux.org/task/5331 -- This is 4 years of insecurity.

* We recommend all of you to switch to a distribution caring about user
security and atleast signs their packages. Most RPM and APT based
distros does this (Ubuntu, Debian, RedHat, CentOS, SuSE, OpenSuSE, etc
etc etc).

Have fun. :-)

Yours,

Mikael & Rickard


It's true, you are trolling.
 
Old 07-04-2010, 08:50 PM
Rickard Eriksson
 
Default ftp.gigabit.nu / ftp.archlinux.se shutting down

On 07/04/2010 10:48 PM, Nathan Wayde wrote:

On 04/07/10 21:35, Rickard Eriksson wrote:

Cut from the forum where my co-admin first put this up, however it got
closed with reason "trolling"...



This mirror will shut down in the upcoming days.

Few funny facts:

* We never got contacted by anyone before we got added in the official
mirror list. We just posted this thread and all of the sudden it
appeared. No verification of whom we were and what our intension were.

* ArchLinux is fundamentally unscalable in the package manager aspect.

* ArchLinux puts the trust in the hands of every mirror owner and their
security. ftp.archlinux.se is the prime example of a machine vulnerable
to all sorts of things. This affect YOUR security. This is why it's
being put down. If the ArchLinux authors would start signing packages
this would not be a risk to you.

* We posted a suggestion of this in 2006.
http://bugs.archlinux.org/task/5331 -- This is 4 years of insecurity.

* We recommend all of you to switch to a distribution caring about user
security and atleast signs their packages. Most RPM and APT based
distros does this (Ubuntu, Debian, RedHat, CentOS, SuSE, OpenSuSE, etc
etc etc).

Have fun. :-)

Yours,

Mikael & Rickard


It's true, you are trolling.


I'm afraid not, the hostnames has already been removed and the server is
being shutdown. However, I guess you could call the suggestions trolling
of some kind however..


Best regards
Rickard Eriksson
 
Old 07-04-2010, 09:47 PM
bardo
 
Default ftp.gigabit.nu / ftp.archlinux.se shutting down

2010/7/4 Rickard Eriksson <rickard.eriksson@gigabit.nu>:
> Cut from the forum where my co-admin first put this up, however it got
> closed with reason "trolling"...

You're *totally* trolling. There are many fallacies in your message.
First of all implying that what you're saying is unknown to the
community. This is not true. Just read the bazillion of mails in
arch-general and pacman-dev about package signing. Heck, there's even
a stub of implementation, and this is recent activity. However the
main reason there's no package signing in Arch is people simply don't
care enough.

> This mirror will shut down in the upcoming days.

If it's yours, thank thanks god it is shutting down, I wouldn't want
to fetch my packages from someone like you.
(Yes, this is trolling too.)

> Few funny facts:
>
> * We never got contacted by anyone before we got added in the official
> mirror list. We just posted this thread and all of the sudden it appeared.
> No verification of whom we were and what our intension were.

This is a problem and shouldn't have happened. When were you added to
the mirror list? As far as I know, in the last few years relations
with mirror managers have changed quite a bit.

> * ArchLinux is fundamentally unscalable in the package manager aspect.

Please justify this claim. Provide a good case, suggest solution.
Otherwise you are just trolling. And you aren't, right? =P

> * ArchLinux puts the trust in the hands of every mirror owner and their
> security. ftp.archlinux.se is the prime example of a machine vulnerable to
> all sorts of things. This affect YOUR security. This is why it's being put
> down. If the ArchLinux authors would start signing packages this would not
> be a risk to you.

Read above about packages signing. And anyway, who are you? What's
your business, what can you do other than whining and maintaining
insecure servers (your claim)? If you think arch is a bad distro do
something about it. And with "do something" I surely don't mean "drive
away users from it". In fact this is the best way to ensure the distro
will never get better and will never overcome its problems, which
undoubtfully exist.

> * We posted a suggestion of this in 2006.
> http://bugs.archlinux.org/task/5331 -- This is 4 years of insecurity.

Even APT hasn't always supported package signing. According to
wikipedia, it appeared in version 0.6. Were you there telling users to
switch distros back then?
Since nobody is paid to develop arch (unlike all the other distros you
mention below) you can only expect what the devs can do in their free
time and what the community is willing to contribute. Don't like it?
Again, make it better or leave, whining doesn't help.

> * We recommend all of you to switch to a distribution caring about user
> security and atleast signs their packages. Most RPM and APT based distros
> does this (Ubuntu, Debian, RedHat, CentOS, SuSE, OpenSuSE, etc etc etc).

Another implied fallacy: you say that security is *the most* important
aspect of all. Ever considered that different users have different
needs? Speed, simplicity, ease of use, software updates, structure,
level of bureaucracy, community competency... These are many
parameters people consider when choosing a distro, and surely there's
many more. Security is just one of them, and sometimes isn't even
important at all.

By the way, the whole thing is just like me suggesting you to change
your house for another with a better door lock, because any lockpicker
worth his name can open yours in no time. Problem is, there's no lock
that can be considered "secure", they all can be opened if there's a
reason to.

Just remember security is not a product, security is a process. You
seem to forget it more than a few times in your message.

> Have fun. :-)

I surely did replying to you

Corrado Primier
 
Old 07-05-2010, 01:21 AM
Jonathan Brown
 
Default ftp.gigabit.nu / ftp.archlinux.se shutting down

* We recommend all of you to switch to a distribution caring about user security and atleast signs their packages. Most RPM and APT based distros does this (Ubuntu, Debian, RedHat, CentOS, SuSE, OpenSuSE, etc etc etc).

-- LOL does he think any of us are actually going to switch to one of the above distros..? Although nothing wrong with them, used them all for desktops and still for servers..
 
Old 07-05-2010, 01:22 AM
Ionuț Bîru
 
Default ftp.gigabit.nu / ftp.archlinux.se shutting down

On 07/04/2010 11:35 PM, Rickard Eriksson wrote:

Cut from the forum where my co-admin first put this up, however it got
closed with reason "trolling"...



This mirror will shut down in the upcoming days.

Few funny facts:


<snip>

i must say that is a very professional attempt to inform developers and
admins that actually organize our mirroring schema and access to rsync.


in the future, for other projects i suggest to use bugtracker, contact
the leader of the project or use a mailing list that it supposed to
handle this kind of announcement.


p.s imo this is lack of respect and i don't believe that you actually
handle a mirror dropping like that for other projects.


--
Ionuț
 

Thread Tools




All times are GMT. The time now is 02:22 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org