adrelanos: > Some time has passed, but I didn't forget about this one. :)
>
> intrigeri:
>> Hi,
>>
>> adrelanos wrote (02 Jan 2013 16:27:46 GMT) :
>>> I propose a mechanism to securely download project metadata, which
>>> includes censor resistance, prevents feeding old/outdated project
>>> metadata and load balancing.
>>
>> I suggest having a look at TUF, and especially their security
>> documentation: https://www.updateframework.com/wiki/Docs/Security.
>
> I did that and read pretty much everything about it.
>
> I contact them regarding this proposal, they are friendly people and
> have a private mailing list. Private as in, there is no public archive.
> So I can't link it and I am not sure it's polite to publish. In summary...
>
> What I describe was called by them a "permanent takedown threat"
> (temporary name in quotes, not sure that will be the final name). They
> are interested in it, they are not sure if they are already covering it
> or if they will address that in future and promised to get back to me.
>
> Whether they will cover this or not in future doesn't void my proposal.
> TUF assumes server software to be running on the mirror.
>
> What I proposed works on any web space.