On 13/12/09 08:48, Ng Oon-Ee wrote:
On Sun, 2009-12-13 at 03:31 -0500, Qadri wrote:
So should it be a function of the program to make sure that happens? Or is a
responsibility of the user? Should the functionality be programmed into
pacman to make sure that happens, or should we be asking that users be aware
of what repos they're using?
Well said, I agree. I believe that if separate db and package downloads
are implemented it should not be so users can be 'up-to-the-minute' in
packages, but for greater security.
In fact, now that I think about it, having two dbs (one on the mirror
with all packages as available on that mirror and one 'master' with a
list of authoritative checksums) would make sense, as it fulfils the
security aspect well while avoiding the problem of db/package mismatch.
The 'master' db would have to have a history of previous checksums as
well.
One possible alternative to explicitly storing a history of checksums is
to checksum the dbfile, and name it as such. instead of core.db.tar.gz,
you'd have have core.[checksum].db.tar.gz and these would be stored for
some time on the master. In order to make it secure the standard
checksums would have to be upgraded to something with less collisions
than md5.
Of-course this also raises the question of 'what happens when the master
goes down?'.
