[Yum] Protection from out-of-date mirrors

On 7/27/05, Ignacio Vazquez-Abrams <ivazquez@xxxxxxxxxxxx> wrote:
> On Wed, 2005-07-27 at 20:56 -0700, Ian Burrell wrote:
> > I think it would be good to add some detection in yum for out-of-date
> > mirrors to prevent weird results.  The repomd.xml file seems to
> > include a timestamp for each metadata file.  The solution would be to
> > not allow the timestamp to go backwards.  If a newer timestamp has
> > already been downloaded, then an older timestamp would cause that
> > mirror to be skipped.
> 
> The problem with this is that a single corrupt mirror can effectively
> deny you the ability to update your system if it has metadata that has a
> date far into the future.
> 

The idea I had to solve that problem is to record some unique ID for the
generating host in the repomd.xml file.  Then the logic would only
compare timestamps for the same host.  If a mirror generates its own
metadata, then it won't affect the detection logic.  Another solution
would be to not use the logic for timestamps far in the future.  This
doesn't solve the problem with a mirror modifying or corrupting the
metadata but I think this is unlikely with mirrors using rsync.  And
malicious mirrors can cause other trouble.

This would tie nicely into signing the metadata.  The key would be the
unique identifier and the signature guarantees the metadata hasn't
been corrupted.

 - Ian
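
Added example, not part of the original message and not yum code: a sketch of the check discussed in this thread, comparing repomd.xml timestamps only within the same generating host and keeping far-future timestamps from raising the floor. The `generator` attribute, the one-day skew tolerance, the function names, and the choice to skip (rather than accept without recording) a far-future mirror are assumptions; the sample metadata is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"r": "http://linux.duke.edu/metadata/repo"}
MAX_FUTURE_SKEW = 24 * 3600  # assumed tolerance for "far in the future"


def parse_repomd(xml_text):
    """Return (generator_id, newest per-file timestamp) from a repomd.xml string."""
    root = ET.fromstring(xml_text)
    # 'generator' is a hypothetical attribute standing in for the proposed host ID;
    # the repomd.xml format discussed in the thread does not define it.
    gen = root.get("generator", "")
    stamps = [int(float(t.text)) for t in root.findall("r:data/r:timestamp", NS)]
    if not stamps:
        raise ValueError("repomd.xml carries no timestamps")
    return gen, max(stamps)


def check_mirror(state, xml_text, now):
    """Decide whether to use a mirror's metadata.

    state maps generator ID -> newest timestamp accepted so far and is
    updated only when the metadata is accepted.
    """
    gen, ts = parse_repomd(xml_text)
    if ts > now + MAX_FUTURE_SKEW:
        # A bogus future date must never become the floor, or one corrupt
        # mirror would block every honest mirror afterwards.
        return "skip-future"
    if ts < state.get(gen, 0):
        # Same generator, older metadata: this mirror is out of date.
        return "skip-stale"
    state[gen] = ts
    return "accept"


def sample_repomd(gen, ts):
    """Constructed sample input, not a real repository's metadata."""
    return (
        '<repomd xmlns="http://linux.duke.edu/metadata/repo" generator="%s">'
        '<data type="primary"><timestamp>%d</timestamp></data>'
        '<data type="filelists"><timestamp>%d</timestamp></data>'
        "</repomd>" % (gen, ts, ts - 5)
    )
```

The state dictionary would have to be persisted between runs for the check to mean anything, and without signed metadata the generator ID itself is only as trustworthy as the mirror that served it.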
