[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Re: arch params
From: |
James Blackwell |
Subject: |
Re: [Gnu-arch-users] Re: arch params |
Date: |
Tue, 6 Jan 2004 03:38:38 -0500 |
In lists.arch.users, you wrote:
> On Jan 05 2004, Dustin wrote:
>> Where can I read about available arch params?
>>
>> In particular, is there one I can use to disable this message:
>>
>> NO CHECKSUMS FOUND FOR REVISION
>> (unsigned archive, continuing anyway)
>
> There's a howto in the docs-tla tree. In short:
>
> - create temporary mirror of archive
> - mirror entire archive there
> - move original archive out of the way
> - replace with temporary
> - remove =meta-info/mirror file from archive
> - verify that everything is ok before deleting old archive
I think Zander made a very good point about the results of security
conflicting with security.
While your list above does work great for the original owner of an
archive, they are not useful when mirroring someone else's archive comes
into play.
In three short days I have come to turn a blind eye to tla's output when
mirroring due to the excessive chattiness of tla both when mirroring
archives which are neither signed nor checksummed and when signatures
are good. If tla were less chatty about good signatures/no checksums
when unsigned, I would be more inclined to look for error messages about
bad signatures. Despite the heavy warnings that we've got going, only
1/4 of the archives in the wild are signed.
Thus, I am of the opinion that tla should remain silent when good
signatures are encountered (traditionally, tools should remain silent
unless there is a problem). Furthermore, I think it would be better
to not gripe about missing checksums on unsigned archives until either
mid 1.2 or early 1.3.
For the very least, since non-checksummed revisions in unsigned archives
is currently a warning (and not an error), the warning should be trimmed
down while people adjust to the new way of doing things.
--
James Blackwell Using I.T. to bring more 570-407-0488
Owner, Inframix business to your business http://inframix.com
GnuPG (ID 06357400) AAE4 8C76 58DA 5902 761D 247A 8A55 DA73 0635 7400
Re: [Gnu-arch-users] arch params, Tom Lord, 2004/01/06
Re: [Gnu-arch-users] arch params, Charles Duffy, 2004/01/06
Re: [Gnu-arch-users] arch params, Robin Farine, 2004/01/06