On Fri, Jan 30, 2009 at 09:14:54PM +0100, Michael Vogt wrote: > On Sun, Dec 21, 2008 at 10:45:13PM +1000, Anthony Towns wrote: > > Attached is a patch against apt 0.7.19 (current in lenny/sid) > > including just the Redirect support from Jeff Licquia's patch in > > Bug#212732. > Thanks a lot for this, I merged it into my bzr tree and it will be > part of the next merge into debian (experimental initially).
Great! > > As far as the issues described in Bug#66434 with bad redirection [...] > One possible issue I can see is that consistency may become a > issue. If the server that redirects does that to mirrors that are not > in sync and the Release file comes from A but the Packages file from B > users may run into hashsum failures. Yup; that'll be caught and give an error though. I presume the most likely use will be either redirecting all requests -- in which case synchronisation isn't an issue; or redirecting pool/ but not dists/ -- in which case 404s are the only risk, I can see, and seems reasonably minor. > I can not think of any security concerns about the patch, the > signature and hashsum code should protect us here to the extend > possible. Yup, that matches my understanding. Cheers, aj -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org