Am Sun, 30 Nov 2008 15:09:04 +0100 schrieb vlad <vla@xxxxxxxxxxx>: > > yes, i also thought about that. that's why i suggested to establish a > db file repository with a file retention of some days (mirrors > ususally sync every 2h-24h). ... > just my 2 cents. IMHO this could not be handled in practice. We will end in a zillion of different *.db.tar.gz files, cause the "main" db file could change every minute/hour by a dev and mirrors don't sync every day in practice. But more important: At the moment we can't guarantee the integrity of *one* db file, with your solution we can't guarantee it for 100 db files. That the file is (maybe) downloaded over a unsecure transport from a mirror (ftp.archlinux.org are mirrors too) that **could** be ftp.archlinux.org make it IMHO not more trusted. > vlad Regards Gerhard
