On 2012-1-3 17:11 , Daniel J. Luke wrote: > On Jan 2, 2012, at 5:47 PM, Ryan Schmidt wrote: >> These types of broken DNS servers are obviously not going away > > Are you sure? > > if people start implementing dnssec (and we get dnssec validation in the stub > resolver in the OS), this kind of stupidity can't happen... > > (of course, it's possible that dnssec never gets widely deployed, or that > people never end up doing validation on end hosts, but only in some recursive > resolvers). > >> we should not punish users who have broken DNS servers > > for the good of the internet, maybe we should (or at least print out some > warning saying a possible broken DNS server has been detected) > >> and make them uniquely responsible for shouldering the burden of reporting >> these problems to us. Instead we should afford them the same convenience >> users with compliant DNS servers have. > > ... but for the good of our end-users, I agree we want to provide the best > experience possible (so if we can detect and work around the issue, I'm all > for doing so).
How are you planning to tell which checksum mismatches are from bad DNS lookups and which are from a stealth update or broken proxy? Downloading the distfile from every one of the potentially dozens of mirrors is not OK. - Josh _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
