NLnetLabs / routinator

An RPKI Validator and RTR server written in Rust
https://nlnetlabs.nl/projects/routing/routinator/
BSD 3-Clause "New" or "Revised" License

Add --no-motd to and remove -l from rsync options. #962

Closed partim closed 5 months ago

partim commented 5 months ago

This PR adds the --no-motd option to the default extra rsync options and removes -l from the base rsync options.

This means we now have -rtO --delete as the base options and -z, --contimeout=10, --max-size, and --no-motd as the default extra options that can be overwritten.

I think keeping --delete is fine – an attacker can always replace a file rather than deleting it and still break the publication point in question. We cannot limit the file patterns accepted as that would prevent adding new file types until all relying party installations are updated – RFC 9286 specifically says that missing files lead to a failed fetch.

partim commented 5 months ago

It’s a capital letter O (yeah, using that is a bit of a bad idea), so the shortcut for --omit-dir-times. It’s probably not a big deal to add it or not.

partim commented 5 months ago

Maybe we should move the -z into the default options that can be overwritten? That would make it possible to use openrsync without getting errors all the time.