On Fri, Oct 15, 2010 at 01:22:50PM -0400, Jeff Johnson wrote:
> On Oct 15, 2010, at 12:54 PM, Jesus Cea wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 14/10/10 17:49, Jeff Johnson wrote:
> >> Anyone interested in using mongo gridfs for SKS dump file distribution?
> >
> > How do you cope with malfunctioning/hostile/malicious MongoDB instances?
> >
>
> Signing the sks-dump files isn't rocket science. Nor is setting up mongodb
> authentication.
>
> FWIW, I loaded the latest sks-dump files last night.
>
> You can retrieve by doing
>     mongofiles -h harwich.rpm5.org -d sks get sks-dump-0001.pgp
>
> Dunno how long the sks-dump files will remain. I'll make an effort at doing
> a service iff there is interest. My private interest is/was mongo
> performance/stability on a moderately large datastore.
>
> Note that I'm likely going to try to package all the dumps in a *.rpm
> package.

Or you could write a couple of small shell scripts instead, and benefit the
entire SKS server operator pool.

> The possible advantage is that one would achieve:
> 1) per-file digests, not just MD5.

This doesn't make any sense. MD5 *is* per file. If you mean "multiple
different per-file digests" then run both sha1sum *and* md5sum (or however
many different hashes you want to create) over the files. Verification is
easy through the -c option to all of the *sum utilities.

> 2) payload compression through the *.rpm wrapping

Or you can just gzip/bzip2/lzip/whatever the .pgp files.

> 3) automatic signing (while building) and verifying (while installing)

Shell script! (cha cha cha) Generate the .pgp files, hash them all, compress
them, sign the digest files, all done. More secure than signing the whole RPM
because you don't have to transfer the whole RPM to your local machine just
to sign it.

> OTOH a ~2Gb *.rpm package just isn't something that you want to throw into a
> Yum repository

You can say that again.

> for automagic upgrading.

I can't see a case where anyone would ever want to install more than one of
these packages. Once the initial install is done, SKS is supposed to keep
everything up to date.

- Matt
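
The hash, compress, sign workflow described in the message above, written out as a shell script. This is an added example, not part of the original message or of SKS itself; the function names, the manifest file names and the use of sha256sum alongside the two tools named in the thread are assumptions, and the gpg steps assume the relevant keys are already in the local keyring.

```shell
#!/bin/sh
# Added example: publish and verify SKS dump files with per-file digests.
# Function names and manifest names (sha256.txt, sha1.txt, md5.txt) are assumptions.

# sha256sum is an addition here; the thread itself names sha1sum and md5sum.
DIGESTS="sha256sum sha1sum md5sum"

# Publisher: hash every dump with each tool, then compress the dumps.
# The manifests list the uncompressed file names.
make_manifests() {
    dir=$1
    (
        cd "$dir" || exit 1
        for tool in $DIGESTS; do
            "$tool" sks-dump-*.pgp > "${tool%sum}.txt" || exit 1
        done
        gzip -9 sks-dump-*.pgp
    )
}

# Publisher: detached, armored signature over each small manifest, so only
# the digest files (not the multi-gigabyte dumps) need to reach the signing host.
sign_manifests() {
    dir=$1
    for tool in $DIGESTS; do
        gpg --armor --detach-sign "$dir/${tool%sum}.txt" || return 1
    done
}

# Downloader: check the signature on every manifest before trusting it.
verify_signatures() {
    dir=$1
    for tool in $DIGESTS; do
        gpg --verify "$dir/${tool%sum}.txt.asc" "$dir/${tool%sum}.txt" || return 1
    done
}

# Downloader: decompress, then check every dump against every manifest
# with the -c option. Any mismatch makes the function return non-zero.
verify_dumps() {
    dir=$1
    (
        cd "$dir" || exit 1
        gunzip -f sks-dump-*.pgp.gz || exit 1
        for tool in $DIGESTS; do
            "$tool" -c "${tool%sum}.txt" > /dev/null || exit 1
        done
    )
}
```

A downloader runs verify_signatures before verify_dumps, since the digests are only as trustworthy as the manifest that carries them.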