[aur-general] pkgstats and unused [community] packages
abi1789 at googlemail.com
Wed Oct 27 13:53:19 EDT 2010
On 10/27/2010 02:03 AM, Kaiting Chen wrote:
> On Tue, Oct 26, 2010 at 10:55 AM, PyroPeter<abi1789 at googlemail.com> wrote:
>> To actually track the tcp-traffic (indirectly containing the name of
>> the requested package) archlinux.org would have to _proxy_ the traffic
>> (_all_ data would go _twice_ through their network infrastructure).
>> This would make the concept of mirrors useless.
>> The other possibility would be a round-robin domain name
>> (like e.g. irc.freenode.net). This way archlinux.org could only
>> log that a connection was made, but not which packages were requested.
>> (Additionally all mirrors would have to use the same folder hierarchy)
>> TL,DR: There is no technical way to monitor all package downloads.
>> Regards, PyroPeter
> Not true, Arch could set up a round robin proxy to other mirrors such that
> when a package is requested it returns a HTTP 302 or HTTP 303 redirect. Then
> the only network traffic routed through Arch servers would only be the
> request HTTP headers which is quite insubstantial but would still allow real
> package statistics to be retrieved.
Yes, you are right.
This would even allow to host the package lists at archlinux.org
(I assume they include checksums of the archives) which would
help with the security concerns (non-signed packages, etc...) as
you would not be forced to trust the mirrors any longer.
(as long as you did not use MD5 for the hashes ;-) )
freenode/pyropeter "12:50 - Ich drücke Return."
More information about the aur-general