Re: apt-get may accept inconsistent data
On 5/7/08, Goswin von Brederlow <goswin-v-b@web.de> wrote:
> "Cameron Dale" <camrdale@gmail.com> writes:
> > 3) getting an HTTP 304 response may be faster than hashing a 20 MB
> > file, especially considering that a request may need to be sent after
> > finding an out of date hash
>
> It may be faster but not authorative. Also on 99.9% of all systems the
> time to checksum 20MB is neglible. And on others it is probably
> insignificant compared to a following apt-get upgrade call.
It should be authoritative, the only reason it's not would be a broken
proxy, which isn't really apt's or the mirror's fault.
For the record, on a reasonably fast machine:
$ time sha1sum \
ftp.us.debian.org_debian_dists_unstable_main_binary-amd64_Packages
cff59b58caf8b870f9514bf907a365b262b6a9bc
ftp.us.debian.org_debian_dists_unstable_main_binary-amd64_Packages
real 0m0.901s
user 0m0.288s
sys 0m0.076s
That's longer than a 304 request would take to come back, and if the
hash is old then a download request would have to be sent anyway,
whereas the original request would return the new file immediately.
Cameron
Reply to: