CAcert System Admins discussion list

[Wytze van der Raay <wytze AT cacert.org>]

Hi Michael, Mario,

On 18.10.2013 12:39, Wytze van der Raay wrote:
> On 18.10.2013 02:41, Michael Tänzer wrote:
>> That sounds like a good idea. I would definitely use a rsync service if
>> there was one. That could at least reduce traffic from CAcert internal
>> services and maybe others too until we have another solution.
>>
>> On 17.10.2013 20:40, Mario Lipinski wrote:
>>> Maybe rsync also would be an option too.
>>> But I guess the main load comes from people who just take the CRL URL
>>> without thinking...
> 
> Setting up rsync as an alternative method for retrieving the CRLs
> sounds perfectly doable to me. I'll look into it and will let you
> know what comes out (it'll require some firewall changes).

I am happy to report that the rsync service for crl.cacert.org is now
fully operational. You can update the crls in directory XXX simply with:

        rsync -avz crl.cacert.org::crl XXX

Note that for this to work on the infrastructure server, a rule needs to be
added to the ferm.conf to allow outgoing connections to port 873 (rsync) on
crl.cacert.org.

The rsync service is also available to the public, and everybody who wants
to retrieve the crls on a regular schedule is strongly encouraged to use it,
because the amount of network traffic is orders of magnitude less than with
the normal http/https services. This helps both CAcert and yourself :-)

Regards,
-- wytze

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature