Re: Securely retrieving dscs from snapshot.debian.org
- To: debian-snapshot@lists.debian.org
- Subject: Re: Securely retrieving dscs from snapshot.debian.org
- From: peter green <plugwash@p10link.net>
- Date: Mon, 1 Jan 2018 04:42:05 +0000
- Message-id: <[🔎] c59f4ccc-718e-fa5f-32ad-3eea45a7506f@p10link.net>
- In-reply-to: <CAKTje6Eh9-Hd-YvO9=gbso0c1pH8NFhF8vh-jvBG-Y4TVPNSuQ@mail.gmail.com>
- References: <7d7b520b-a330-20e2-764a-437c3c0340cd@p10link.net> <CAKTje6HZuP41ZKTEYFRAqg0FniNzr+_4NrGD-GCCf3m5Yzi1+g@mail.gmail.com> <c5b91f29-9765-05c2-d429-beafbf393990@p10link.net> <CAKTje6Eh9-Hd-YvO9=gbso0c1pH8NFhF8vh-jvBG-Y4TVPNSuQ@mail.gmail.com>
On 31/12/17 03:18, Paul Wise wrote:
https://anonscm.debian.org/cgit/mirror/snapshot.debian.org.git/tree/API
http://snapshot.debian.org/mr/package/iotop/
http://snapshot.debian.org/mr/package/iotop/0.6-2/srcfiles
http://snapshot.debian.org/mr/file/3671b737bad959b7c76dc1fad205951965b54f9a/info
That tells us which snapshot, but not which Sources file within that snapshot, so far the only soloution i've found to that is a brute force search
I have attatched my attempt at a tool for downloading source packages
securely from snapshot.debian.org. It seems to work, comments/improvements
welcome.
If you would like to add more endpoints to the API, that would
probably be a good idea to reduce the complexity of your script.
There seem to be two things on the API side that would make the script better
1. An option to provide information on when something was last seen rather than first seen. This increases the chances that the Release file was signed with an acceptably strong key.
2. Ideally an option to provide information on which of the Many Sources files within a snapshot contains a package. Failing that at least a way to get machine-readable directory listings.
I don't know how feasible these are though since I haven't looked at the db
Reply to: