On 31/12/17 03:18, Paul Wise wrote:
https://anonscm.debian.org/cgit/mirror/snapshot.debian.org.git/tree/API
http://snapshot.debian.org/mr/package/iotop/
http://snapshot.debian.org/mr/package/iotop/0.6-2/srcfiles
http://snapshot.debian.org/mr/file/3671b737bad959b7c76dc1fad205951965b54f9a/info
That tells us which snapshot, but not which Sources file within that snapshot,
so far the only soloution i've found to that is a brute force search
I have attatched my attempt at a tool for downloading source packages
securely from snapshot.debian.org. It seems to work, comments/improvements
welcome.
If you would like to add more endpoints to the API, that would
probably be a good idea to reduce the complexity of your script.
There seem to be two things on the API side that would make the script better
1. An option to provide information on when something was last seen rather than
first seen. This increases the chances that the Release file was signed with an
acceptably strong key.
2. Ideally an option to provide information on which of the Many Sources files
within a snapshot contains a package. Failing that at least a way to get
machine-readable directory listings.
I don't know how feasible these are though since I haven't looked at the db
