On Fri, Jun 08, 2001 at 06:08:36AM +0100, Edward Betts wrote: > Viral <viral@debian.org> wrote: > > This has been brought up many times before. The APT packages file is just > > too large to download everytime during an apt-get update. > > I was not aware that Debian package files had been renamed APT packages file. I refered to them as APT files, in reference to apt being generally used to download those. But yes, I meant the debian package files. > Good idea, you can look at cvs.debian.org for some of the code that you will > need to modify to generate incremental package files. Why can't we just use diff+patch ? Using that, we could have something called apt-incremental, thus avoiding adding extra dependencies on apt. Well, on an unrelated issue, what do folks think of the idea of apt-gnutella or apt-freenet ? Then, one would get the Packages file from one of the debian mirrors, but the packages could be got from a P2P network such as gnutella or freenet. With debsig-verify falling into place, and packages being signed, one could then trust debs from such a network. > What key do we use to sign it? If there is a Debian security key who looks > after it? How do we make sure it is not compromised? If we sign the package > files with it do we attempt automated signing, or does there have to be human > interaction with every run of dinstall? If this was to be done, I would believe it might be a good idea for James Troup to sign it, since he's also the maintainer of debian-keyring.. Human interaction would be infeasible with every run of dinstall, and hence automated signing would have to be used, unless there is a better alternative. > I look forward to seeing your patches. I am looking out for ideas right now, as I'm not too free. But that should change in a couple of weeks, and I'll have a time to try out some of the things I mentioned. I would definitely like to try apt-gnutella or apt-freenet, but I'd like to know what others think about it, or if anyone is working on similar lines. viral -- "There is no dark side of the moon really. Matter of fact it's all dark."
Attachment:
pgpsOHiPE8sHv.pgp
Description: PGP signature