hi all, On Sun, Nov 30, 2008 at 12:54:34PM +0100, Timm Preetz wrote:
I think ftp.archlinux.org can be pretty slow sometimes (compared to near-by mirrors), so wouldn't it be equally sufficient to just fetch the DB-checksum from archlinux.org?
(Still not as secure as signed DBs though.)
the db.tar.gz file is pretty small. the extra.db.tar.gz file is about 400kb. ok, it is also possible to ge only the db checksum, but the idea is that the db file itself should be in a trusted place. with 2-3 "trusted servers" users can choose a server in a near location (.org, .de or .fr for example). On Sun, Nov 30, 2008 at 01:40:07PM +0100, Gerhard Brauer wrote:
Am Sun, 30 Nov 2008 12:54:34 +0100 schrieb Timm Preetz
: I think ftp.archlinux.org can be pretty slow sometimes (compared to near-by mirrors), so wouldn't it be equally sufficient to just fetch the DB-checksum from archlinux.org?
This is not possible cause mirrors sync times are different, so the result was: newer package versions in the db - but the package file is not available on users mirror. (I've had make the same request earlier in a bugtracker thread, without thinking a bit deeper... ;-)
Regards Gerhard
yes, i also thought about that. that's why i suggested to establish a db file repository
with a file retention of some days (mirrors ususally sync every 2h-24h).
the new db.tar.gz now looks like