[pacman-dev] Adding an expiry time to repo databases

Erich Eckner arch at eckner.net
Fri Dec 13 13:00:17 UTC 2019



On Fri, 13 Dec 2019, Giancarlo Razzolini wrote:

> On December 13, 2019 8:39 Allan McRae wrote:
>> Hi all,
>> 
>> I have made a start at adding an expiry time to repo databases.   See
>> the three patches here:
>> 
>> https://patchwork.archlinux.org/bundle/Allan/repo_timestamp/
>> 
>> My question is, what should we do once a database is determined to be
>> expired?  Follow the example of a bad signature, and refuse to load it
>> at all?  Just refuse to install anything from it, but still enable
>> searching etc?
>> 
>> Just deciding "bad repo, don't use" will be much easier to implement...
>> 
>> Comments?
>> 
>
> I'd go with, if expired, don't touch it *at all*. Even searching from then
> should not be allowed.

I'm also in favour of this approach. We need some possibility to ignore 
the expiration anyways (e.g. change config option or more convenient: some 
command line flag to override the value from the config file), because 
otherwise it becomes impossible to install from an archived repository.

>
> Regards,
> Giancarlo Razzolini

Regards,
Erich


