On Tue, Apr 26, 2011 at 10:26:24PM -0500, Rajko M. wrote:
This is new to me.
http://old-en.opensuse.org/Libzypp/Failover Last edit by Peter was on March 3rd, 2009.
This is at the very bottom of the article: "It is noteworthy that the origin server (download.opensuse.org) does not redirect for metadata and signatures to any mirror, so the clients always get those critical files from the origin site. If clients are using mirrors directly, the tradeoff is that they are less secure."
Is this changed since then? If yes, what is replacing that?
All files without any numbers in the file name are not rediected, but served directly. In former times with was true for the metadata, like "primary.xml.gz". Since some time we switched to the new "checksum-primary.xml.gz" format. The checksums pretty much always contain numbers, so they get redirected to the mirrors. This also has the advantage that the load on our server dropped siginficantly, as it no longer has to serve those big files. There is no security issue caused, as "repomd.xml" contains the checksum for primary.xml and is still not redirected, as it doesn't contain a number. The same is true for the signature. Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org