[CentOS-devel] why provide debuginfo
Pär Andersson
paran at nsc.liu.se
Fri Apr 10 09:34:12 UTC 2009
Karanbir Singh wrote:
> Change which part ? signing them or automating something ? The reason
> debuginfo's are not signed is that bringing them into a securebox for
> the signing process and pushing them out again easily triples the time
> factor.
Personally I would rather wait even longer if that meant signed
packages. Of course it would not be an ideal solution, but I think the
security risk of installing unsigned packages is much worse than the
inconvenience of waiting.
Also this would only be a big problem at release time, for ordinary
updates the delay should not be that bad.
> At the moment, there are 2 internal and 1 external mirror for debuginfo
> - that can be increased if required. I know that atleast mirrorservice
> and kernel.org have previously said that they will make more space
> available to centos.org if we need it on their mirrors - and they are
> happy to host vhost's for debuginfo / beta's.
If disk space on mirrors is a problem you could separate the debuginfo
into one directory per release, and move older ones to vault.centos.org.
Regards,
Pär Andersson
National Supercomputer Centre, Sweden
More information about the CentOS-devel
mailing list