[arch-general] Making pacman check multiple repos

Jeroen Op 't Eynde jeroen at xprsyrslf.be
Sun Dec 13 06:07:05 EST 2009 

On 12/13/2009 10:02 AM, Nathan Wayde wrote:
> On 13/12/09 08:48, Ng Oon-Ee wrote:
>> On Sun, 2009-12-13 at 03:31 -0500, Qadri wrote:
>>>
>>> So should it be a function of the program to make sure that happens?
>>> Or is a
>>> responsibility of the user? Should the functionality be programmed into
>>> pacman to make sure that happens, or should we be asking that users
>>> be aware
>>> of what repos they're using?
>>
>> Well said, I agree. I believe that if separate db and package downloads
>> are implemented it should not be so users can be 'up-to-the-minute' in
>> packages, but for greater security.
>>
>> In fact, now that I think about it, having two dbs (one on the mirror
>> with all packages as available on that mirror and one 'master' with a
>> list of authoritative checksums) would make sense, as it fulfils the
>> security aspect well while avoiding the problem of db/package mismatch.
>> The 'master' db would have to have a history of previous checksums as
>> well.
>>
>>
> One possible alternative to explicitly storing a history of checksums is
> to checksum the dbfile, and name it as such. instead of core.db.tar.gz,
> you'd have have core.[checksum].db.tar.gz and these would be stored for
> some time on the master. In order to make it secure the standard
> checksums would have to be upgraded to something with less collisions
> than md5.
> Of-course this also raises the question of 'what happens when the master
> goes down?'.

I'm following this topic, and I a bit with Qadri. I think it should 
be/stay the responsibility of the user.
My solution to get up-to-the-minute packages is very simple:
-put ftp.archlinux.org on top of the mirrorlist
-do pacman -Sy
-comment ftp.archlinux.org out of the mirrorlist
-do pacman -Su
And then it goes through the list of servers for the latest packages.

Change the way how the mirrors and how updating works is unnecessary IMHO.

-- 
Jeroen Op 't Eynde
jeroen at xprsyrslf.be
http://xprsyrslf.be

How to set up a cheap professional hosting @ XprsYrslf.be
See my latest work: www.jhdeput.be

More information about the arch-general mailing list