On 08/21/2009 04:41 AM, Chuck Anderson wrote:
"CA cert checking integrated (both ways)."
This works, you can use the yum rpms presently in c5-testing to make sure. But it would only work for 5.4+ clients.
"Yum in Fedora 10 and higher can process the mirror list in metalink format, which provides additional security checking capability. Yum compares the SHA1 checksums of each repository's repomd.xml file against that of the master mirrors. This ensures that significantly out-of-date mirrors are not used."
Much like bittorrent - remember there are many people who question the whole purpose of metalinks :) In this case, I think it's just overdoing something essentially simple. And, there are better, client-centric ways of doing this work, some of which need more development done on them.
btw, there is also the gpg signing of repomd's...
So we are getting there, but perhaps not quite perfect yet. Things are already much better than they were before.
The issue that most Fedora people seem unable to comprehend is that there is a whole world out there that does not reload every 6 months - therefore being able to track back and maintain some level of compatibility with the slightly older code base is something that confines much of what Fedora does today, to within Fedora lands. Some of these things might percolate down but then when they do, Fedora has moved on to other things.[1]
Reason I say this is that we can't just jump in and follow what Fedora is doing, for the reason that we have a much longer and a broader product cycle and there is little (many times none) interest there to maintain and work with things they consider old and outdated. So while looking at MirrorManager is something we might be able to do today - whatever changes we make into the CentOS system need to be things that we know and can maintain in house. Many times that means rewriting based on and around our specific requirements.
- KB
[1]: It is refreshing and makes me quite happy to see some of the infrastructure and tooling sub-projects / Fedora-upstreams take a more pragmatic approach on these things.
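
The repomd.xml check described in the quoted Fedora text, as an added example that is not part of the original message and is not yum's own code. It assumes the Metalink 3.0 element layout; the sample metalink, the repomd bodies, the function names and the mirror.example URL are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = "{http://www.metalinker.org/}"  # Metalink 3.0 namespace (assumed layout)

# Constructed samples: repomd.xml as published by the master, and the older
# copy a mirror that has not synced yet would still serve (same length).
MASTER_REPOMD = b"<repomd><revision>1250812800</revision></repomd>\n"
STALE_REPOMD = b"<repomd><revision>1249000000</revision></repomd>\n"

def build_sample_metalink(master_bytes):
    """Constructed metalink carrying the master's size and SHA1 digest."""
    return (
        '<metalink version="3.0" xmlns="http://www.metalinker.org/"><files>'
        '<file name="repomd.xml"><size>%d</size><verification>'
        '<hash type="sha1">%s</hash></verification><resources>'
        '<url protocol="http">http://mirror.example/repodata/repomd.xml</url>'
        '</resources></file></files></metalink>'
        % (len(master_bytes), hashlib.sha1(master_bytes).hexdigest())
    )

def expected_digests(metalink_xml, name="repomd.xml"):
    """Return (size, {algo: hexdigest}) the metalink declares for `name`."""
    root = ET.fromstring(metalink_xml)
    for entry in root.iter(NS + "file"):
        if entry.get("name") == name:
            size = int(entry.findtext(NS + "size"))
            hashes = {h.get("type").lower(): h.text.strip().lower()
                      for h in entry.iter(NS + "hash")}
            return size, hashes
    raise LookupError("metalink has no entry for " + name)

def verify_repomd(data, metalink_xml, algo="sha1"):
    """Accept a mirror's repomd.xml only if it matches the master's digest."""
    size, hashes = expected_digests(metalink_xml)
    if algo not in hashes:
        return False, "no %s digest in metalink" % algo
    if len(data) != size:
        return False, "size mismatch"
    actual = hashlib.new(algo, data).hexdigest()
    if not hmac.compare_digest(actual, hashes[algo]):
        return False, "digest mismatch"
    return True, "ok"

if __name__ == "__main__":
    ml = build_sample_metalink(MASTER_REPOMD)
    for label, body in (("current", MASTER_REPOMD), ("stale", STALE_REPOMD)):
        print(label, verify_repomd(body, ml))
```

The comparison is only as trustworthy as the metalink itself, so the metalink has to arrive over a channel the client verifies, which is where the CA cert checking mentioned at the top of the message comes in.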