I have upgraded MirrorManager in staging to 0.12, saw that the
webinterface broke, released 0.13, upgraded staging to 0.13 and after
seeing that everything still worked I also upgraded the production
instance.
It contains a couple of small changes which were already active (EPEL 8
modular repository support) in production, but also a security fix which
easily allowed viewing the report_mirror password of all other sites.
The biggest change is that I disabled report_mirror for public mirrors.
Private mirrors still need to run report_mirror, but for public mirrors
the information submitted via report_mirror is ignored. The main reason
for dropping report_mirror for public mirrors is that we regularly have
seen problems of mirrors being disabled by the crawler because they were
out of date and then being re-enabled by report_mirror. The problem was
that report_mirror only submits a list of up to date directories without
the actual content of the directories (to reduce I/O on the mirrors).
Another addition is that MirrorManager can now filter out paths which
should be ignored when detecting a version. MirrorManager regularly
detected new versions in pub/alt like 25757 or 25748 which were IoT test
trees or risc-v trees. So pub/alt is now filtered out when detecting new
versions.
Please let me know if anything breaks.
Adrian
Show replies by date