Package: zsync Version: 0.5-1 Severity: important It seems that zsync does not handle HTTP redirects:
$ zsync http://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/i386/iso-cd/debian-testing-i386-netinst.iso.zsync #################### 100.0% 0.0 kBps DONE reading seed file debian-testing-i386-netinst.iso: *******************************************************************************************************************************************************************************Read debian-testing-i386-netinst.iso. Target 91.3% complete. downloading from http://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/i386/iso-cd/debian-testing-i386-netinst.iso: ##################-- 91.3%bad status code 302 ##################-- 91.3% 0.0 kBps aborted HTTP error 302 is "Found", aka "The requested resource resides temporarily under a different URI". This means that zsync-assisted downloads are currently failing for Debian daily test images. Looking into the zsync source code, I can see it's using its own local HTTP code rather than using libcurl or any of the other readily-available HTTP client libraries. That does seem like a bit of a design bug, to say the least. I wouldn't be surprised at all if there were multiple security bugs in there just waiting to be found. -- Steve McIntyre, Cambridge, UK. [EMAIL PROTECTED] < liw> everything I know about UK hotels I learned from "Fawlty Towers" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
