On 12/13/19 8:39 AM, Jonas Witschel wrote:
> As an example, air-gapped computers are expected to have an outdated database, while it would still be completely fine to install packages from the cache.
Wouldn't an airgapped computer also be updating (if it does update) from a known trusted database communicated via e.g. USB? So there is no need to specify an expiry time on the airgapped computer. The computer which generates updates will specify an expiry time, and if its database passes validity checks including the expiry timestamp, it rsyncs the *.db and pacman cache to some trusted external storage media, and then the airgapped system assumes that it was valid at the time it was created.
> In case the freshly downloaded database is expired, it shall not be copied and unpacked to /var/lib/pacman at all, instead the next available mirror should be tried to download a more recent copy. This also provides a bit of a usability improvement w.r.t. stale mirrors.
That sounds like an additional useful thing to do, but I'm not sure we do that currently if PGP signatures fail...

-- 
Eli Schwartz
Bug Wrangler and Trusted User
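
The two flows discussed in this message, as an added Python sketch that is not part of the thread and is not pacman or libalpm code: an online machine that skips expired or unverifiable databases and tries the next mirror, and an air-gapped machine that imports the already validated copy. The mirror tuples, the expiry field, and the function names `refresh` and `import_from_media` are assumptions made for illustration.

```python
import os
import shutil
import tempfile

# Added sketch, not pacman code. A "mirror" here is a constructed tuple
# (name, db_bytes, expires_unix, signature_ok); the expiry field and its
# format are assumptions, since the thread does not define them.

def refresh(mirrors, sync_dir, now, repo="core"):
    """Install the first database that verifies and has not expired.

    Returns the mirror name used, or None if every mirror was rejected,
    in which case sync_dir is left exactly as it was.
    """
    for name, db_bytes, expires, signature_ok in mirrors:
        if not signature_ok:
            continue  # an unauthenticated expiry value proves nothing
        if expires <= now:
            continue  # stale or replayed database: try the next mirror
        # Stage next to the target, then rename atomically so a reader
        # never sees a half-written database.
        fd, staged = tempfile.mkstemp(dir=sync_dir, prefix=".stage-")
        with os.fdopen(fd, "wb") as fh:
            fh.write(db_bytes)
        os.replace(staged, os.path.join(sync_dir, repo + ".db"))
        return name
    return None


def import_from_media(media_dir, sync_dir, repo="core"):
    """Air-gapped side: no expiry check of its own. It accepts the copy
    that the exporting machine already validated with refresh()."""
    shutil.copyfile(os.path.join(media_dir, repo + ".db"),
                    os.path.join(sync_dir, repo + ".db"))
```
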