
9 Dec 2010, 9:50 p.m.
Richard O'Keefe
I thought "X is a mirror of Y" meant X would be a read-only replica of Y, with some sort of protocol between X and Y to keep X up to date. As long as the material from Y replicated at X is *supposed* to be publicly available, I don't see a security problem here. Only Y accepts updates from outside, and it continues to do whatever authentication it would do without a mirror. The mirror X would *not* accept updates.
At the very least, this assumes that you trust all the mirror operators. Sure, I'm trustworthy, but how about those other guys? >:) -=rsw