On Sat, 2009-12-12 at 00:35 +0100, Xavier wrote: > On Sat, Dec 12, 2009 at 12:20 AM, Ng Oon-Ee <ngoonee@xxxxxxxxx> wrote: > > While I'm not as concerned about security as some (most) here, I do > > think "db files from one site and packages from another" is a good idea. > > (some) Mirrors will be slow, however, and there will be additional > > complexity since the db would perhaps be several steps ahead of most > > mirrors. For example if package foo-1.2 is installed, package foo-1.4 is > > in the db, and package foo-1.3 is in the mirror, pacman would have to be > > smart enough to install foo-1.3.... > > > > Why should it do that ? And that would make the security aspect > completely irrelevant. > > You did say you were not concerned about security (and to be honest, > me neither), but it's still not a reason to ignore it. > > By the way, when you use more than one mirror, pacman will just switch > to the second one if it doesn't find the file it wants. Because sometimes all the mirrors listed in mirrorlist will not have the file, if its just been uploaded. Also not everyone stays up-to-the-minute with updates, judging by the "updated after a month" posts we see once in a while. I'm concerned about the last bit, if a package was just uploaded and only exists on one mirror, everyone who updates and has that package in the period between its uploading and its appearance on their local mirrors will 'fall-back' on varying mirrors (lengthening the update process) and all end up on the poor main server (or Tier 1/2 mirrors). Bad for both the mirror bandwidth as well as most probably much slower for the user, who could probably just wait a day or so for the update to come to his (faster, presumably) local mirror.
