On Tue, 2004-10-26 at 18:10, Alexandre Oliva wrote: > On Oct 26, 2004, seth vidal <skvidal@xxxxxxxxxxxx> wrote: > > >> Just don't let yum install packages that aren't signed. How about > >> you start a rawhide mirror with the following properties: if a > >> package is not signed, it won't be in your mirror; you'll keep the > >> previous version of such package instead. > > > Then it would not be a rawhide mirror. It would be a rawhide distortion. > > > mirror implies an identical reflection. :) > > Well, not quite. Plane mirrors do. And, even then, there's a small > delay for the light to get from you to the mirror and back, so when > you see your image in the mirror, you're no longer what you're seeing > there :-) This wouldn't be that different :-) These locations should not even advertise themselves as ATTEMPTED mirrors. b/c they are not doing that. At least the current mirrors are making a good-faith effort to be in sync. > No dispute here. But if it could, later on, realize that the package > was signed and use http interval fetch tricks to obtain only the > signature, it would be way cool. difficult with the signature it makes it harder to just get-byte-range changes b/c the file moves around a bit. -sv