Re: Making pacman check multiple repos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 13/12/09 12:02, Xavier wrote:
On Sun, Dec 13, 2009 at 12:49 PM, Heiko Baums<lists@xxxxxxxxxxxxxxx>  wrote:
Am Sun, 13 Dec 2009 09:02:16 +0000
schrieb Nathan Wayde<kumyco@xxxxxxxxxxxx>:

Of-course this also raises the question of 'what happens when the
master goes down?'.

Or gets hacked?


The changes you talked about don't really make that problem any worse
than it already is.
If master goes down or gets hacked, all mirrors are syncing from it
anyway (directly or indirectly) so you are fucked.

If you worry about it going down, then you provide other masters (you
can give money or hardware or hosting)
If you worry about getting hacked, you use signatures (you can give
money or code)

Then i propose another spin on it, layer the extra checksums on top of what is there now.

Store a copy of the db file as e.g [checksum].db, this goes on a set of master servers, when the user syncs with their mirror a checksum is generated based on the db file that was downloaded, this checksum is then used to get a the [checksum].db from a master server and this new [checksum].db file is used to do the sync update.

The issue of a master going down is gone, if you really cannot download from a master then let the user decides what they want to do - you have a copy of a proper .db file so you could use it if the user decides they want to.

In the event that that a corresponding [checksum].db does not exist on a master then you know something has gone wrong. I can't imagine a master would be out of date compared to another mirror (remember this is about storage of the db files, not packages the idea is that [checksum].db would be uploaded first) but in case it was then you could just add a timestamp inside the .db (.lastupdate?) for extra verification.

That on on top signing sounds almost perfect to me.


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux