On 12/13/2009 10:33 PM, Brendan Long wrote:
On Sun, 2009-12-13 at 12:07 +0100, Jeroen Op 't Eynde wrote:
On 12/13/2009 10:02 AM, Nathan Wayde wrote:
On 13/12/09 08:48, Ng Oon-Ee wrote:
On Sun, 2009-12-13 at 03:31 -0500, Qadri wrote:
So should it be a function of the program to make sure that happens?
Or is a
responsibility of the user? Should the functionality be programmed into
pacman to make sure that happens, or should we be asking that users
be aware
of what repos they're using?
Well said, I agree. I believe that if separate db and package downloads
are implemented it should not be so users can be 'up-to-the-minute' in
packages, but for greater security.
In fact, now that I think about it, having two dbs (one on the mirror
with all packages as available on that mirror and one 'master' with a
list of authoritative checksums) would make sense, as it fulfils the
security aspect well while avoiding the problem of db/package mismatch.
The 'master' db would have to have a history of previous checksums as
well.
One possible alternative to explicitly storing a history of checksums is
to checksum the dbfile, and name it as such. instead of core.db.tar.gz,
you'd have have core.[checksum].db.tar.gz and these would be stored for
some time on the master. In order to make it secure the standard
checksums would have to be upgraded to something with less collisions
than md5.
Of-course this also raises the question of 'what happens when the master
goes down?'.
I'm following this topic, and I a bit with Qadri. I think it should
be/stay the responsibility of the user.
My solution to get up-to-the-minute packages is very simple:
-put ftp.archlinux.org on top of the mirrorlist
-do pacman -Sy
-comment ftp.archlinux.org out of the mirrorlist
-do pacman -Su
And then it goes through the list of servers for the latest packages.
Change the way how the mirrors and how updating works is unnecessary IMHO.
Aren't you doing exactly what's being proposed (check the master for the
package list, then download from a faster mirror), just manually? If you
think that it's the best way to do things, why not make it automatic?
I'm doing basically the same manually, yes. It was in an answer to the
question of Qadri. Damn, when I my email again it seems I forgot to type
some words, I'm dyslectic, sorry.
Well, to respond to your question: I'm not always interested in doing it
that way, I just do it when I'm impatient to get a new package or
something. Mostly I just update from more local servers, which have a
database at an age of few hours or sometimes a 24 hours.
--
Jeroen Op 't Eynde
jeroen@xxxxxxxxxxxx
http://xprsyrslf.be
How to set up a cheap professional hosting @ XprsYrslf.be
See my latest work: www.jhdeput.be
