[pacman-dev] Adding an expiry time to repo databases
Jonas Witschel
diabonas at archlinux.org
Fri Dec 13 13:39:01 UTC 2019
On 2019-12-13 12:39, Allan McRae wrote:
> I have made a start at adding an expiry time to repo databases. See
> the three patches here:
>
> https://patchwork.archlinux.org/bundle/Allan/repo_timestamp/
>
> My question is, what should we do once a database is determined to be
> expired? Follow the example of a bad signature, and refuse to load it
> at all? Just refuse to install anything from it, but still enable
> searching etc?
In my opinion the timestamp only needs to be checked during a database
refresh: in combination with signed database files, this provides
security against a MITM serving an outdated database to withhold
security updates, while leaving the timing of database updates under the
user's control. As an example, air-gapped computers are expected to have
an outdated database, while it would still be completely fine to install
packages from the cache.
In case the freshly downloaded database is expired, it shall not be
copied and unpacked to /var/lib/pacman at all, instead the next
available mirror should be tried to download a more recent copy. This
also provides a bit of a usability improvement w.r.t. stale mirrors.
Best,
Jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/pacman-dev/attachments/20191213/2b5c9ed2/attachment-0001.sig>
More information about the pacman-dev
mailing list