<pre>
/|- ├── public/ |- │ ├── gentoo/ |- │ │ └── distfiles/ |- │ └── stepping-stone.ch/│ |- └── sepiola/|├── role- restricted│ ├── crm_sugarcrm_mysql│ └── wiki_mediawiki_mysql└── site-restricted/ |- └── stepping-stone.ch/ |- └── gentoo/ |- └── distfiles/|- role-restricted/ |- mediawiki_mysql
</pre>
== Packaging notes ==
=== Fetch restriction ===
To avoid passive information disclosure all packages requiring source files from at least one of the restricted locations must be fetch restricted (if possible). Otherwise a client may in some circumstances try to fetch the package from a public mirror, leaving traces in the respective access log.
For Gentoo ebuilds this means:
<source lang='bash'>
RESTRICT="fetch"
</source>
[[Category:Infrastructure]]