Date: Thu, 29 Jul 2010 00:24:12 +0300 From: "Andrew W. Nosenko" <andrew.w.nosenko@gmail.com> To: Dominic Fandrey <kamikaze@bsdforen.de> Cc: Marcin Wisnicki <mwisnicki+freebsd@gmail.com>, freebsd-ports@freebsd.org Subject: Re: Strange contents on some ftp mirrors Message-ID: <AANLkTi=B_OuknGL2p9mW9QWNQL3ExXX_vDKgj7CyWFoJ@mail.gmail.com> In-Reply-To: <4C504F25.8050607@bsdforen.de> References: <i2na4v$f3c$1@dough.gmane.org> <4c4fac09.Kkzz6V/G5TxaiQAZ%perryh@pluto.rain.com> <i2pahu$dri$1@dough.gmane.org> <4C504F25.8050607@bsdforen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 28, 2010 at 18:39, Dominic Fandrey <kamikaze@bsdforen.de> wrote: > On 28/07/2010 15:15, Marcin Wisnicki wrote: >> On Tue, 27 Jul 2010 21:03:21 -0700, perryh wrote: >> >>> Marcin Wisnicki <mwisnicki+freebsd@gmail.com> wrote: >>>> At this very moment, french package mirror has INDEX newer than in >>>> other mirrors: >>>> >>> ... >>>> >>>> yet it does not have those packages. >>>> >>>> How could something like this happen ? >>> >>> By being examined while a resync was in process: evidently the new INDEX >>> file had been transferred but that package file (and likely others) were >>> still in transit or perhaps not even started yet. Mirroring is not an >>> instantaneous process. >> >> Yeah that was it, but it is really, really bad. >> Mirroring must be atomic (mirror to temporary directory then rename). >> Otherwise there is a large window of time every couple of days when upgrading >> packages will at best fail or leave you with broken system. >> I did binary upgrade with pkg_upgrade yesterday and half of my system was linked >> against wrong libintl version :( > > The next version of pkg_upgrade will check every downloaded package > against the master server after completing the download. Excuse me? The ports check downloaded source tarball against SHA checksum. Just for nay case like downloading error or malicious inject. Did you try to say that binary package have no such safeguard? > I expect to release it at the end of September. -- Andrew W. Nosenko <andrew.w.nosenko@gmail.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=B_OuknGL2p9mW9QWNQL3ExXX_vDKgj7CyWFoJ>