I just noticed that when I use YOU to update, I get different package lists depending on what "mirror" I choose. That's not funny, considering that I'm primarily interested in security updates. I don't want to overload ftp.suse.com but I can't really check every available mirror to see if "this one has something the others don't". Has anyone else witnessed this phenomenon? In particular, I found that ftp.gwdg.de had updates for "nVidia-3" and MySQL that ftp.suse.com didn't have - strange! It makes me (a paranoid type) worry about the possibility of compromised packages on the mirrors, too, when I see they have things suse.com doesn't. I wonder if YOU does any auto-checking of MD5 sums and/or gpg keys? :-? ---------------------------------------------------- Jonathan Wilson System Administrator Cedar Creek Software http://www.cedarcreeksoftware.com Central Texas IT http://www.centraltexasit.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have not noticed this phenomenon, but then again I only do my updates to ftp.suse.com. Sorry Q On Tuesday 15 January 2002 07:27, JW wrote:
I just noticed that when I use YOU to update, I get different package lists depending on what "mirror" I choose. That's not funny, considering that I'm primarily interested in security updates. I don't want to overload ftp.suse.com but I can't really check every available mirror to see if "this one has something the others don't".
Has anyone else witnessed this phenomenon?
In particular, I found that ftp.gwdg.de had updates for "nVidia-3" and MySQL that ftp.suse.com didn't have - strange! It makes me (a paranoid type) worry about the possibility of compromised packages on the mirrors, too, when I see they have things suse.com doesn't. I wonder if YOU does any auto-checking of MD5 sums and/or gpg keys?
:-?
---------------------------------------------------- Jonathan Wilson System Administrator
Cedar Creek Software http://www.cedarcreeksoftware.com Central Texas IT http://www.centraltexasit.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org
iD8DBQE8Q7znrRt/wyesa9sRAl6+AJ4+2XYZ80TylThyazhf8gnBWiu/JACfTyPC l4taodnSbyQmZsvzzu2Be0Q= =xlU9 -----END PGP SIGNATURE-----
Yes, I have noticed that the default gdwg site seems to be update after the suse.com ftp site. Problem, half the time the ftp.suse.com site won't link - it drops my connect. Bummer, Curtis On Monday 14 January 2002 11:27 pm, JW wrote:
I just noticed that when I use YOU to update, I get different package lists depending on what "mirror" I choose. That's not funny, considering that I'm primarily interested in security updates. I don't want to overload ftp.suse.com but I can't really check every available mirror to see if "this one has something the others don't".
Has anyone else witnessed this phenomenon?
In particular, I found that ftp.gwdg.de had updates for "nVidia-3" and MySQL that ftp.suse.com didn't have - strange! It makes me (a paranoid type) worry about the possibility of compromised packages on the mirrors, too, when I see they have things suse.com doesn't. I wonder if YOU does any auto-checking of MD5 sums and/or gpg keys?
:-?
---------------------------------------------------- Jonathan Wilson System Administrator
Cedar Creek Software http://www.cedarcreeksoftware.com Central Texas IT http://www.centraltexasit.com
[don't worry, I'll format your your mail for you] * JW (jw@centraltexasit.com) [020114 21:22]:
I don't want to overload ftp.suse.com but I can't really check every available mirror to see if "this one has something the others don't". Has anyone else witnessed this phenomenon?
Yes. There mirrors are sometimes out of date. There's not a lot we can do about it since they are volunteering their bandwidth and time.
In particular, I found that ftp.gwdg.de had updates for "nVidia-3" and MySQL that ftp.suse.com didn't have - strange!
That is strange.
It makes me (a paranoid type) worry about the possibility of compromised packages on the mirrors, too, when I see they have things suse.com doesn't. I wonder if YOU does any auto-checking of MD5 sums and/or gpg keys?
Yes, YOU checks both. -- -ckm
participants (4)
-
Christopher Mahmood -
Curtis Rey -
JW -
Quinton Delpeche