[CentOS-mirror] mirror manager
Karanbir Singh
mail-lists at karan.org
Fri Aug 21 11:44:08 UTC 2009
On 08/21/2009 04:41 AM, Chuck Anderson wrote:
>
> "CA cert checking integrated (both ways)."
This works, you can use the yum rpms presently in c5-testing to make
sure. But it would only work for 5.4+ clients.
> "Yum in Fedora 10 and higher can process the mirror list in metalink
> format, which provides additional security checking capability. Yum
> compares the SHA1 checksums of each repository's repomd.xml file
> against that of the master mirrors. This ensures that significantly
> out-of-date mirrors are not used."
Much like bittorrent - remember there are many people who question the
whole purpose of metalinks :) In this case, I think its just overdoing
something essentially simple. And, there are better, client centric ways
of doing this work, some which need more development done on.
btw, there is also the gpg signing of repomd's...
> So we are getting there, but perhaps not quite perfect yet. Things
> are already much better than they were before.
the issue that most Fedora people seem unable to comprehend is that
there is a whole world out there that does not reload every 6 months -
therefore being able to track back and maintain some level of
compatibility with the slightly older code base is something that
confines much of what Fedora does today, to within Fedora lands. Some of
these things might perculate down but then when they do, Fedora has
moved onto other things.[1]
Reason I say this is that we cant just jump in and follow for Fedora is
doing for the reason that we have a much longer and a broader product
cycle and there is little ( many times none ) interest there to maintain
and work with things they consider old and outdated. So while looking at
MirrorManager is something we might be able to do today - whatever
changes we make into the CentOS system need to be things that we know
and can maintain in house. Many times that means rewriting based on and
around our specific requirements.
- KB
[1]: It is refreshing and make me quite happy to see some of the
infrastructure and tooling sub-projects / Fedora-upstreams take a more
pragmatic approach on these things.
--
Karanbir Singh : http://www.karan.org/ : 2522219 at icq
More information about the CentOS-mirror
mailing list