You are correct when you say that there are potential problems with the depsolvers (yum and others) and I think my article ends to point out that we should not minimize those risks and developers definitely should look into them.
What I simply wanted to make clear is that we do more than just accept mirror-requests and that a mirror is not just offered whatever the accuracy of the mirror is. We do verify for forgery or malicious content.
But here also, yes, you have a good point about providing different content to different clients and unfortunately we trust other mechanisms (from the depsolver) to make sure that the user is not affected.
Right
Justin,
You are correct when you say that there are potential problems with the depsolvers (yum and others) and I think my article ends to point out that we should not minimize those risks and developers definitely should look into them.
What I simply wanted to make clear is that we do more than just accept mirror-requests and that a mirror is not just offered whatever the accuracy of the mirror is. We do verify for forgery or malicious content.
But here also, yes, you have a good point about providing different content to different clients and unfortunately we trust other mechanisms (from the depsolver) to make sure that the user is not affected.