The APT HTTP method and round-robin DNS
- To: deity@lists.debian.org
- Cc: 582352@bugs.debian.org, "Eugene V. Lyubimkin" <jackyf@debian.org>
- Subject: The APT HTTP method and round-robin DNS
- From: Jonathan Nieder <jrnieder@gmail.com>
- Date: Tue, 7 Jun 2011 10:31:50 -0500
- Message-id: <[🔎] 20110607153150.GA24564@elie>
- In-reply-to: <AANLkTinq0bSBZW0fK1aktKyERQi49l83nRNmbo62nYaU@mail.gmail.com>
- References: <20100520060924.GA32438@progeny.tock> <4BF56457.7090001@debian.org> <20100520171839.GA12630@progeny.tock> <4BF57439.8020800@debian.org> <20100520180815.GA14002@progeny.tock> <4BF59199.3000106@debian.org> <20100521004042.GA2204@progeny.tock> <4BF69D95.2060106@debian.org> <AANLkTinq0bSBZW0fK1aktKyERQi49l83nRNmbo62nYaU@mail.gmail.com>
Hi APT maintainers,
Jonathan Nieder wrote:
> As Eugene noticed, the use of round-robin DNS between out-of-sync
> mirrors, by ftp.us.debian.org for example, makes it hard to reliably
> fetch and verify the Debian archive's index files. Despite having
> similar addresses Release.gpg, Release, and Packages can end up being
> fetched from different mirrors. I suspect it is possible for this to
> come up in some proxy setups, too, where the client has no control
> over which mirror each file is fetched from.
>
> I suggested that one possible solution would be to force use of IP
> addresses for host names in requests made by the APT HTTP method. Of
> course this is not ideal, because among other things it breaks virtual
> hosts.
Ping? Would you be interested in a patch for this?
Reply to: