[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Copy slower than rsync Re: Bugs and features
|
From: |
Mark . Burgess |
|
Subject: |
Re: Copy slower than rsync Re: Bugs and features |
|
Date: |
Fri, 8 Nov 2002 20:19:39 +0100 (MET) |
On 8 Nov, Adrian Phillips wrote:
>>>>>> "Nate" == Nate Campi <nate@campin.net> writes:
>
> >> Well, even a 1+GB partition only takes a few seconds on a
> >> fast, lightly loaded server with rsync even using
> >> ssh. Obviously when there are lots of differences then rsync is
> >> going to chew memory.
>
> Nate> You have to mean a 1+GB partition with no changes. No disk
>
> Obviously, although I'm sure many people would like a couple of
> hundred MB/sec over their network :-)
>
> Nate> Unless you mean ssh using public key or kerberos or S/Key
>
> I meant ssh with public key. I'm interested as to how cfengine's key
> system is "better" then ssh's.
It's not - it's essentially the same - somewhat cheaper to implement
since it chooses a specific model rather than trying to be the be-all
and end-all of swiss army knives.
> Nate> auth then this is not security. Even then, you have
> Nate> encryption and good authentication, which is mostly one way.
>
> Nate> rsync's server could be made "secure" with IPSec and packet
> Nate> filtering, so that you *know* the host it's originating from
> Nate> and filtering out all others. You can't just say "rsync's
> Nate> server is insecure and rsync over ssh is secure", because it
> Nate> leaves out too much.
>
> Well, standard rsync server is relatively "insecure", is it not. No
> public key, no hijacking checking (if that is the correct term for
> it). I was under the impression that ssh is recommended because it is
> relatively secure if used "properly".
The point is that an encrypted tunnel is not systemic security, it
is communication privacy. rsync cannot check if the files are in line
with policy and override permissions, without leaving race windows.
We do not know of its behaviour in relation to races at all... It does
not verify transmission error, or test whether a file can be transmitted
in full before replacing it (a file could be half copied if disk is full)
thus leaving the system broken. It does not define trust relationships
in regard to system policy. It doesn't give failover capability.
etc etc. You see my point? I'm not sure that a little extra speed is
worth such a loss.
Mark
- Copy slower than rsync Re: Bugs and features, Adrian Phillips, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Mark Burgess, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Adrian Phillips, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Mark Burgess, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Nate Campi, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Adrian Phillips, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Nate Campi, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features,
Mark . Burgess <=
- Re: Copy slower than rsync Re: Bugs and features, Adrian Phillips, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Mark . Burgess, 2002/11/08
Re: Copy slower than rsync Re: Bugs and features, Ted Zlatanov, 2002/11/08