[arch-dev-public] [RFC] Moving repos to nymeria

Allan McRae allan at archlinux.org
Sun Sep 16 10:07:43 EDT 2012


On 16/09/12 23:56, Xyne wrote:
> Tom Gundersen wrote:
> 
>>> >> Am 16.09.2012 08:34, schrieb Jan Steffens:
>>>> >>> I want avoid anything that requires me to upload the DB from my computer.
>> >
>> >[...]
>> >
>>>> >>> That would be over 7MB I would have to download and upload
> Why can't the following procedure be used?
> 
> 1) update the database on the server
> 2) download it
> 3) check it and sign it
> 4) upload the signature
> 5) check that the signature matches on the server
> 
> The database would only need to be locked during step 1. If user B updates it
> while user A is in the process of signing it, step 5 will ensure that the
> uploaded signature from user A is rejected and that user B's signature is kept,
> even if user B manages to upload a signature before user A.
> 
> Advantages:
> * no complicated locking
> * local signing (i.e. no keys on server)
> * minimal upload
> 

What does "check it and sign it" mean?  Diff it to the old and signed
database?

Anyway, I think it would need locked throughout.  If B updates the
database while A is uploading, that is not different to bad guy C
adjusting the database and leaving it for someone to sign on the next
addition.   The only way to maintain what would be a chain of trust -
where we can link each database update to the previous database - is to
have the current db signature checked before adding the new packages and
resigning.

Worst case scenario is that you move stuff from [testing] to [core] and
[extra] so you need to download three databases - probably less that 2MB
in total and then upload three signatures.  I am ignoring signing the
.files databases...





More information about the arch-dev-public mailing list