[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Just an idea



On Thu, 1 May 2003 07:56:06 +0300 (EEST)
"Berk D. Demir" <bdd@ieee.org> wrote:

> On Thu, 1 May 2003, Leandro Costa wrote:
> 
> > Some months ago i was talking with a friend about OpenBSD packages,
> > because i was preparing a script to update them and we realised that we 
> > are not able to check if the copy we have on disk is the same that the 
> > one on the server (i.e. there are no MD5/SHA1/RMD160 sums).
> 
> Check your local repository via rsync.
> Many RSYNC mirrors are listed in http://www.openbsd.org/ftp.html#rsync
> As rsync offers cheksum controls, you can even update your local copy
> immediately.
> 
I think that a lot of ppl uses ftp to download packages and since rsync doesn't come with the base system, ftp downloads are more handy

> > Wouldn't it be cool to add a file under 
> > ftp://ftp.openbsd.org/pub/OpenBSD/$RELEASE/packages/$ARCH, containing 
> > the packages' MD5 sums at least? I think it'd be more secure if we can
> > check those sums.
> 
> The pattern for OpenBSD package downloads[1] shows that, 90% of people 
> just download 10 - 15 files a session. They do not download the whole packages
> directory.
> There must be something more efficient then stuffing all the hash values 
> into *one* file.
> 
> That can be useful.
> 
Yep, it could be useful to create a $PACKAGE.md5 for each package on the directory.. but it'd end up filling it with a lot of files, and when someone tries to access the dir, it'd take double the time to download the contents (think of slow connections.. i'm on 512k and it takes a while to read the contents). So i think that a file containing all the md5 sums would be the right choice.
I hope that something like this is going to be done, so we can rely on our packages' downloads.

> -bdd
> 
> [1]: May 2002 - Apr 2003 ftp.linux.org.tr stats
>