Closed jeremylong closed 5 years ago
Hmmm. So Retire is one project (and only two files), but others include dotnet-retire and I think there's a PHP thing too.
The value that this project provides is:
Mirroring Retire (hosted by GitHub) doesn't address these things. GitHub has a ton of bandwidth and does not throttle to my knowledge and the Retire feeds are extremely small. So I don't see any benefit except for orgs that flat-out refuse to allow access to GitHub. But in order to mirror Retire, an org will need to have access to GitHub. Not interested in providing workarounds to an org's internal policy.
So I guess, I just don't see any reason to expand mirroring functionality to these small feeds. If there's another large feed that's available (similar to NVD for example), that would be something I'd be interested in mirroring (like I do with the vulndb mirror project).
Completely agree with your points and we can close this question.
The NIST data mirror is often used in conjunction with dependency-check. Now that dependency-check utilizes RetireJS to analyze JS files - should the data-mirror be updated to also mirror the RetireJS Repository?
The only reason I am posting the question as opposed to just submitting a PR is that this is titled "NIST" data mirror. Thoughts?