[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#582352: cupt: downloading Packages.bz2 failed: invalid size

Hi APT team,

As Eugene noticed, the use of round-robin DNS between out-of-sync
mirrors, by ftp.us.debian.org for example, makes it hard to reliably
fetch and verify the Debian archive's index files. Despite having
similar addresses Release.gpg, Release, and Packages can end up being
fetched from different mirrors. I suspect it is possible for this to
come up in some proxy setups, too, where the client has no control
over which mirror each file is fetched from.

I suggested that one possible solution would be to force use of IP
addresses for host names in requests made by the APT HTTP method. Of
course this is not ideal, because among other things it breaks virtual
hosts.

Eugene V. Lyubimkin wrote:

> Erm, this bug is not related to APT HTTP method.

This is about the protocol used by apt and other front-ends to
retrieve packages over HTTP, no?

Is your point that the same problem applies to other protocols like
FTP, too? In that case, I would disagree. With FTP, unlike HTTP, it is
easy to arrange for the Release.gpg, Release, and Packages files to be
obtained from a single mirror.

> You probably want to discuss
> this matter with APT maintainers.

Good idea, thanks. CC-ed.

Thoughts?
Jonathan
Reply to: