-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, 13 Dec 2019, Giancarlo Razzolini wrote:
Em dezembro 13, 2019 8:39 Allan McRae escreveu:
Hi all,
I have made a start at adding an expiry time to repo databases. See the three patches here:
https://patchwork.archlinux.org/bundle/Allan/repo_timestamp/
My question is, what should we do once a database is determined to be expired? Follow the example of a bad signature, and refuse to load it at all? Just refuse to install anything from it, but still enable searching etc?
Just deciding "bad repo, don't use" will be much easier to implement...
Comments?
I'd go with, if expired, don't touch it *at all*. Even searching from then should not be allowed.
I'm also in favour of this approach. We need some possibility to ignore the expiration anyways (e.g. change config option or more convenient: some command line flag to override the value from the config file), because otherwise it becomes impossible to install from an archived repository.
Regards, Giancarlo Razzolini
Regards, Erich -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl3zi2MACgkQCu7JB1Xa e1o4Dg//fQpcgXZlD5v3zSyEX3Nd6/CUQhpODypFK0F8Wzt/zi/LONoR9R/Z41Ww JZsrbDbkjux/8N1Ef2/rvR43TTVkNouiaEUQ5nPvTICdF/OT5ZD0Rsxxiv3ihAU/ csHB8ZPtzRbBIPDrtdvFD2O2sRzE7jQA8enm3tm74nI5XgWOgs0n36PAj23nA/Q8 H+OC2QHvhRPVL1KL4jJehBHA4c6sL21Kao8KWMbqiCloP5smTwtwQpwKgDZBPLu8 htFf2BLftJlqrI5TrbLbmrPsU+5sqqTxOvE6YP9fPfbFU4asnIZ5CrbJq7H9CvFI LuomryLYv9SS4xEHznCVOAU7WGajD6Squ2L7Naz+eWv5oBBeV7c1aibmb17CvFFd S3UYNli4S1X//L3FojTAnGoQHXQgBgCKWj3prowZjw9fHtTQyruwiMkdRs7KdyJG iwokGdYJg3xwK5Cz+HOY7vlfPQQ5fXX6U/r3FAKaEBx4SMSwPL5+JpD7HYA7BpFs L4vfbjKm+xijOwsQ5wzep7PbEBkHh63wWySPqNzcxHs5v2JY1/+HsvcXjnO7dHDe uYDofgslLOB8dvaAIEdhX/5NAwNXGmQwHZZs2vxcBahGV9a9m9oJ0cKu2TkI7TOE xLDFEjy/0Uwj/BtPKWw4UbO4ArPF/VB7cXTu9DNWCJ/AD3AyWA4= =S1BH -----END PGP SIGNATURE-----