[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sks-devel] Re: Dump
|
From: |
Matthew Palmer |
|
Subject: |
[Sks-devel] Re: Dump |
|
Date: |
Sat, 16 Oct 2010 13:32:56 +1100 |
|
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Fri, Oct 15, 2010 at 01:22:50PM -0400, Jeff Johnson wrote:
> On Oct 15, 2010, at 12:54 PM, Jesus Cea wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 14/10/10 17:49, Jeff Johnson wrote:
> >> Anyone interested in using mongo gridfs for SKS dump file distribiution?
> >
> > How do you cope with malfunctioning/hostile/malicios MongoDB instances?.
> >
>
> Signing the sks-dump files isn't rocket science. Nor is setting up mongodb
> authentication.
>
> FWIW, I loaded the latest sks-dump files last night.
>
> You can retrieve by doing
> mongofiles -h harwich.rpm5.org -d sks get sks-dump-0001.pgp
>
> Dunno how long the sks-dump files will remain. I'll make an effort at doing
> a service iff there is interest. My private interest is/was mongo
> performance/stability on a moderately large datastore.
>
> Note that I'm likely going to try to package all the dump's in a *.rpm
> package.
Or you could write a couple of small shell scripts instead, and benefit the
entire SKS server operator pool.
> The possible advantage is that one would achieve:
> 1) per-file digests, not just MD5.
This doesn't make any sense. MD5 *is* per file. If you mean "multiple
different per-file digests" then run both sha1sum *and* md5sum (or however
many different hashes you want to create) over the files. Verification is
easy through the -c option to all of the *sum utilities.
> 2) payload compression through the *.rpm wrapping
Or you can just gzip/bzip2/lzip/whatever the .pgp files.
> 3) automatic signing (while building) and verifying (while installing)
Shell script! (cha cha cha) Generate the .pgp files, hash them all,
compress them, sign the digest files, all done. More secure then signing
the whole RPM because you don't have to transfer the whole RPM to your local
machine just to sign it.
> OTOH a ~2Gb *.rpm package just isn't something that you want to throw into a
> Yum
> repository
You can say that again.
> for automagic upgrading.
I can't see a case where anyone would ever want to install more than one of
these packages. Once the initial install is done, SKS is supposed to keep
everything up to date.
- Matt
- [Sks-devel] Re: Dump, (continued)
- Re: [Sks-devel] Dump, Jens Leinenbach, 2010/10/14
- [Sks-devel] Dump, R P Herrold, 2010/10/14
- Re: [Sks-devel] Dump, Robert J. Hansen, 2010/10/14
- Re: [Sks-devel] Dump, Jeff Johnson, 2010/10/14
- Re: [Sks-devel] Dump, Jesus Cea, 2010/10/15
- Re: [Sks-devel] Dump, Jeff Johnson, 2010/10/15
- Re: [Sks-devel] Dump, Jeff Johnson, 2010/10/15
- [Sks-devel] Re: Dump,
Matthew Palmer <=
- Re: [Sks-devel] Re: Dump, Jeff Johnson, 2010/10/15
- Re: [Sks-devel] Dump, Christoph Anton Mitterer, 2010/10/15
- [Sks-devel] Re: Dump, Christoph Anton Mitterer, 2010/10/14
[Sks-devel] Dump, Sebastian Urbach, 2010/10/13