On Tuesday, 14.04.2020 at 10:20 +0100, Neil C Smith wrote:
> On Mon, 13 Apr 2020 at 20:44, Matthias Bläsing
> <mblaes...@doppel-helix.eu> wrote:
> > Fetch the base updates.xml:
> ...
> > The difference is that the "distribution" attributes are relative in the
> > base version and fully qualified in the mirror version.
> ...
> > Does this look sane?
> 
> If you're thinking of generating every request for updates.xml?  Not really?!

Yes - it is the _catalog_ not every nbm. Yes this still needs work (for
example instead of loading the catalog and working on the DOM, a
streaming parser should be able to do the modification on-the-fly). The
alternative would be to generate update.xmls for every mirror.

> The relative / base URL different in the XML can be a problem - eg.
> using the platform Ant scripts to create the platform will fail due to
> redirects maxing out downloading NBMs.  I'm not sure if installing
> whole clusters in the IDE would trigger the same issue.  In some ways
> we only redirect via NetBeans VM as a statistics gathering mechanism.

Sorry - no idea what this means. Do you mean that closer.lua will
reject requests because a request limit is reached?

> It might be good if the IDE code followed redirects only for the
> updates.xml, and treated relative links as relative to the catalog
> endpoint anyway?

This is already the case - the URLs are resolved relative to the update
center URL. BUT that URL must not be redirected to mirrors, as it is
our trust anchor.

> I agree with Antonio that this is probably better handled in the end
> user's IDE itself.  With Apache mirrors now moving to https, changing
> the update centre to directly reference a mirror may be the best
> short-term workaround - eg.
> https://www.mirrorservice.org/sites/ftp.apache.org/netbeans/netbeans/11.3/nbms/updates.xml.gz

No, we must _never_ redirect the IDE to fetch the updates.xml from an
untrusted source and the mirror network must be considered untrusted.

> This obviously doesn't handle mirrors going away after next release is
> done - would need some logic to fall back to default on error if
> providing a UI for this?

Only if we trust the mirrors.

Greetings

Matthias
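
The on-the-fly catalog modification discussed in this message, sketched as an added example (not code from the thread or from NetBeans): a SAX filter running on the trusted origin that turns relative "distribution" attributes into fully qualified mirror URLs without building a DOM. The `module` element layout, the sample catalog and the `mirror.example` / `origin.example` hosts are assumptions made for illustration.

```python
import io
from urllib.parse import urljoin, urlsplit
from xml.sax import handler, make_parser
from xml.sax.saxutils import XMLFilterBase, XMLGenerator
from xml.sax.xmlreader import AttributesImpl, InputSource

# Constructed sample catalog (assumed layout; only "distribution" is from the thread).
SAMPLE = b"""<module_updates>
  <module codenamebase="org.example.a" distribution="ide/org-example-a.nbm"/>
  <module codenamebase="org.example.b" distribution="https://origin.example/b.nbm"/>
</module_updates>"""


class DistributionRewriter(XMLFilterBase):
    """Streaming filter: qualify relative 'distribution' attributes."""

    def __init__(self, parent, mirror_base):
        super().__init__(parent)
        # urljoin only appends below the base if it ends with a slash.
        self.base = mirror_base.rstrip("/") + "/"

    def startElement(self, name, attrs):
        if "distribution" in attrs:
            values = dict(attrs.items())
            dist = values["distribution"]
            if not urlsplit(dist).scheme:  # already-absolute URLs pass through
                target = urljoin(self.base, dist)
                # "../" or "//host/..." must not escape the chosen mirror path.
                if not target.startswith(self.base):
                    raise ValueError("distribution escapes mirror base: " + dist)
                values["distribution"] = target
            attrs = AttributesImpl(values)
        super().startElement(name, attrs)


def rewrite_catalog(catalog_xml: bytes, mirror_base: str) -> bytes:
    """Rewrite the catalog event by event; the whole tree is never held in memory."""
    out = io.BytesIO()
    parser = make_parser()
    parser.setFeature(handler.feature_external_ges, False)  # no external entities
    rewriter = DistributionRewriter(parser, mirror_base)
    rewriter.setContentHandler(XMLGenerator(out, encoding="UTF-8"))
    source = InputSource()
    source.setByteStream(io.BytesIO(catalog_xml))
    rewriter.parse(source)
    return out.getvalue()


if __name__ == "__main__":
    print(rewrite_catalog(SAMPLE, "https://mirror.example/netbeans/11.3/nbms").decode())
```

The rewritten catalog is still served from the origin, so the trust anchor stays in place and only the NBM downloads go to the mirror.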