Re: Just an idea

From: Leandro Costa (ldcostatutopia.com)
Date: Thu May 01 2003 - 07:29:10 CDT


On Thu, 1 May 2003 07:56:06 +0300 (EEST)
"Berk D. Demir" <bddieee.org> wrote:

> On Thu, 1 May 2003, Leandro Costa wrote:
>
> > Some months ago I was talking with a friend about OpenBSD packages,
> > because I was preparing a script to update them and we realised that we
> > are not able to check if the copy we have on disk is the same as the
> > one on the server (i.e. there are no MD5/SHA1/RMD160 sums).
>
> Check your local repository via rsync.
> Many RSYNC mirrors are listed in http://www.openbsd.org/ftp.html#rsync
> As rsync offers checksum controls, you can even update your local copy
> immediately.
>
I think that a lot of people use ftp to download packages, and since rsync doesn't come with the base system, ftp downloads are more handy.

> > Wouldn't it be cool to add a file under
> > ftp://ftp.openbsd.org/pub/OpenBSD/$RELEASE/packages/$ARCH, containing
> > the packages' MD5 sums at least? I think it'd be more secure if we can
> > check those sums.
>
> The pattern for OpenBSD package downloads[1] shows that 90% of people
> just download 10 - 15 files a session. They do not download the whole packages
> directory.
> There must be something more efficient than stuffing all the hash values
> into *one* file.
>
> That can be useful.
>
Yep, it could be useful to create a $PACKAGE.md5 for each package in the directory.. but it'd end up filling it with a lot of files, and when someone tries to access the dir, it'd take double the time to download the contents (think of slow connections.. I'm on 512k and it takes a while to read the contents). So I think that a file containing all the md5 sums would be the right choice.
I hope that something like this is going to be done, so we can rely on our packages' downloads.

> -bdd
>
> [1]: May 2002 - Apr 2003 ftp.linux.org.tr stats
>
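
A sketch of the single-manifest approach discussed in this thread, as an added example that is not part of the original messages: it checks only the packages already on disk against one digest file. The BSD-style line format, the `.tgz` suffix and all function names are assumptions.

```python
import hashlib
import os
import re
import tempfile

# BSD-style digest line as printed by md5(1)/sha1(1): "MD5 (file.tgz) = <hex>".
# The name may not contain "/" so a manifest cannot point outside the directory.
LINE_RE = re.compile(r"^(MD5|SHA1|SHA256) \(([^/()]+)\) = ([0-9a-f]+)$")

def parse_manifest(text):
    """Return {filename: (algorithm, hexdigest)}; raise on malformed lines."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"manifest line {n} is malformed")
        entries[m[2]] = (m[1].lower(), m[3])
    return entries

def file_digest(path, algorithm):
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_dir(pkg_dir, manifest_text, suffix=".tgz"):
    """Check only the packages present on disk, not the whole mirror."""
    entries = parse_manifest(manifest_text)
    report = {}
    for name in sorted(os.listdir(pkg_dir)):
        if not name.endswith(suffix):
            continue
        if name not in entries:
            report[name] = "unlisted"
            continue
        algorithm, expected = entries[name]
        actual = file_digest(os.path.join(pkg_dir, name), algorithm)
        report[name] = "ok" if actual == expected else "mismatch"
    return report

def demo():
    # Constructed sample: three fake packages, manifest lists two of them.
    with tempfile.TemporaryDirectory() as d:
        for name, data in {"a.tgz": b"alpha", "b.tgz": b"beta", "c.tgz": b"gamma"}.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        manifest = (f"MD5 (a.tgz) = {hashlib.md5(b'alpha').hexdigest()}\n"
                    f"SHA1 (b.tgz) = {hashlib.sha1(b'other').hexdigest()}\n")
        return verify_dir(d, manifest)
```

A manifest fetched over the same plain FTP session as the packages only detects corruption; detecting substitution requires the manifest itself to be authenticated separately.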