On 10/27/2010 02:03 AM, Kaiting Chen wrote:
To actually track the tcp-traffic (indirectly containing the name of the requested package) archlinux.org would have to _proxy_ the traffic (_all_ data would go _twice_ through their network infrastructure). This would make the concept of mirrors useless.
The other possibility would be a round-robin domain name (like e.g. irc.freenode.net). This way archlinux.org could only log that a connection was made, but not which packages were requested. (Additionally all mirrors would have to use the same folder hierarchy)
TL,DR: There is no technical way to monitor all package downloads.
Regards, PyroPeter Not true, Arch could set up a round robin proxy to other mirrors such that when a package is requested it returns a HTTP 302 or HTTP 303 redirect. Then
On Tue, Oct 26, 2010 at 10:55 AM, PyroPeter<abi1789@googlemail.com> wrote: the only network traffic routed through Arch servers would only be the request HTTP headers which is quite insubstantial but would still allow real package statistics to be retrieved.
Kaiting.
Yes, you are right. This would even allow to host the package lists at archlinux.org (I assume they include checksums of the archives) which would help with the security concerns (non-signed packages, etc...) as you would not be forced to trust the mirrors any longer. (as long as you did not use MD5 for the hashes ;-) ) Regards, PyroPeter -- freenode/pyropeter "12:50 - Ich drücke Return."