On 25 July 2008, Matt Domsch wrote:
Yes, this is a known challenge with subnet delegation in
MirrorManager. We're trusting package signing (and soon, repodata
signing) to prevent rogue mirrors from issuing unsigned data. In
addition, I'm working on adding in a way to prevent stale mirrors
(with signed content) from being used.
How does one get this subnet delegation though? Can I request any subnet I
want, or do we do some sort of verification?
What happens if the client decided its mirror is bad, I presume it will go
off and find a better one, even with delegation?
Thanks.
--
JB