I was implicitly referring to the hash validation that seems to be absent of lxc-download.
Thatâs because it always downloads over https, the hash validation is useful only if youâre going to fetch the data over http.
For firewalling, you can add every one of the servers listed above to your firewall rules.
You can alternatively force the us of https://ca.images.linuxcontainers.org which is a server that will not redirect.
The https brings transport protection, not hosting one. The hash permit to say :
We donât have to strictly trust our mirrors operators
Anyway, the force scenario proposed is a way to get around it for lxc-download.
1 Like
Could offer a mirror (on OVH infra) in EU (France), but wonât be 1 Gpbs symmetrical, 250Mbs up. Would that help?
Thatâs unlikely as we already have a sponsored one not far away in Frankfurt which has 2Gbps symmetric. Itâs one of our busiest mirrors but itâs nowhere close to reaching its bandwidth limit.
Given Europeâs routing, Iâd expect French customers to have excellent routes to Digital Ocean in Frankfurt, so adding another mirror in France itself wouldnât really make a visible difference.
Thatâs unless someone in France has seen performance issues downloading from the current European mirror in Germany, if thatâs the case for customers of one or more ISPs in France, then introducing a country-specific mirror may be useful.
1 Like