-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-07-25 13:45, Anders Johansson wrote:
On Sunday 25 July 2010 13:09:04 Carlos E. R. wrote:
Another is that do you have to activate nfs, server in one, client on another.
Well, even with your idea, there has to be some sort of manual intervention. You do not want a daemon that automatically opens a port in the firewall and connects to other machines that happen to be in the same LAN. Somehow you have to decide which machines are trusted, perhaps by looking at their host keys.
So completely automatic it can never be. Security dictates otherwise.
Yes, of course. :-) There has to be a module, perhaps in YaST, which configures all this. Perhaps it can use ssh as transport, and its list of known hosts. Or have another type of shared keys for authentication. First you set a machine, then another, then press "discovery", both see one another, and root decides which one to accept or reject. However, remember that every package has (or should have) a pgp signature, so they can't be faked or altered. The metadata for the updates is still downloaded from the opensuse redirector, so there is no danger of faking that as well. I don't see security dangers.
Apart from that it looks like you have an interesting idea. There are of course already server solutions where you set up one server and push packages out to clients from it. This is what I personally prefer in a network with many machines, partly because it gives me one point of administration, and if a package fails for some reason I don't have to look through every machine to find the failing package and clean it out. But if you really prefer this peer- to-peer idea, then I wish you luck with it
I'm using shared nfs directories for this. I can do it, I have the "expertise", but not every body has. A distributed network is more resilient, and if designed properly, easier to manage and maintain. However, I can't develop my idea. I don't know how, I don't have that kind of expertise. I can live without it, but others could benefit. - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkxMKqgACgkQU92UU+smfQWXngCeNtonfJwci+QZxWRSUEwcmRnq /xgAnihteqh90cnNq/hkJa7t0avo6sS8 =e93Z -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org