On Sat, Jul 19, 2014 at 12:28:17PM +0100, Stuart Henderson wrote: > Personally I remember a few nearby mirror URLs, but I do think this could > be improved - we could add a sample pkg.conf file to /etc/examples with > a list of mirrors updated from mirrors.dat. Unless there are objections to > that idea, I'll look at modifying the scripts for this.
This addresses the list of package mirrors. What about the list of anoncvs mirrors? That's the other task I would sometimes use lynx for. If I'm installing on a machine in a different location, I'd like to use a closer mirror than the ones I memorized. You could have mirrors.dat as a one time update since the packages are signed. The main issues would be if a mirror wants to get added/deleted in between releases or if some mirror is compromised and stops sending out new packages. It's different with anoncvs since we're relying on the ssh pubkeys and the updates are not signed. Would it make sense to have a package that contains a list of the anoncvs mirrors + ssh fingerprints? The list would be signed and updated in the same manner as other packages. It may make sense to throw mirrors.dat in there so it is signed and updated as well. The first mirrors.dat update is bootstrapped from the installation and then updated as a package.
