Re: Mirror problems?

To: debian-devel@lists.debian.org
Subject: Re: Mirror problems?
From: Eduard Bloch <edi@gmx.de>
Date: Tue, 15 Mar 2011 02:29:11 +0100
Message-id: <[🔎] 20110315012911.GA27149@rotes76.wohnheim.uni-kl.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] AANLkTinfJGxR11nwugoQocUhRJN-Kj+PmUVfWUM7gW8E@mail.gmail.com>
References: <[🔎] 3208B1406761DD44B05F3FD0B61B96810CC00F7C@EXDB3.ug.kth.se> <[🔎] AANLkTimztWhwNyxaF+YAP9enQV88_Dma80=WVJUyfKEd@mail.gmail.com> <[🔎] 20110314142103.GA8518@glandium.org> <[🔎] AANLkTinfJGxR11nwugoQocUhRJN-Kj+PmUVfWUM7gW8E@mail.gmail.com>

#include <hallo.h>
* Paul Wise [Tue, Mar 15 2011, 08:58:47AM]:

> What was the reason for adding InRelease anyway?

I guess (repeating: *guess*) the main reason is that GPG signature needs
to be verified for the exact file contents. If you put them into two
files then you have a certain window where they are inconsistent. And
stupid HTTP proxies can be very helpful with keeping that shitty
temporary state persistent and with delivering it straight to the end
user.

So, inline signed files are basically a good idea. What is not so good:
that the new feature is poorly documented. It stayed below the radar for
many people for months/years.

Regards,
Eduard.

PS: and... yeah, this time you won't send me a idontlikeyourcourtesycopy
reminder...

Reply to:

Follow-Ups:
- Re: Mirror problems?
  - From: Peter Palfrader <weasel@debian.org>

References:
- Re: Re: Mirror problems?
  - From: Svante R Signell <srs@kth.se>
- Re: Re: Mirror problems?
  - From: James Vega <jamessan@debian.org>
- Re: Re: Mirror problems?
  - From: Mike Hommey <mh@glandium.org>
- Re: Re: Mirror problems?
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Re: Mirror problems?
Next by Date: Bug#618427: ITP: sipwitch -- secure peer-to-peer VoIP server for the SIP protocol
Previous by thread: Re: Re: Mirror problems?
Next by thread: Re: Mirror problems?
Index(es):
- Date
- Thread