On 12/13/19 6:39 AM, Allan McRae wrote:
Hi all,
I have made a start at adding an expiry time to repo databases. See the three patches here:
https://patchwork.archlinux.org/bundle/Allan/repo_timestamp/
My question is, what should we do once a database is determined to be expired? Follow the example of a bad signature, and refuse to load it at all? Just refuse to install anything from it, but still enable searching etc?
Just deciding "bad repo, don't use" will be much easier to implement...
Comments?
Offering to search a repo that you cannot then use, seems quite inconsistent. And people who configured a repo timestamp are implementing the same role as people configuring a gpg signature check -- they don't consider the repository to be valid or trusted without it, that repository is probably an MiTM if it cannot be refreshed. Let's mark it as so bad we don't even want to load it. -- Eli Schwartz Bug Wrangler and Trusted User