(Jul 19 2005 08:03) Brian Wilson wrote:
> >The last run only validates the files. If 5-14 seconds is too slow for
> >you, and you feel increased speed is worth a possible outdated response,
> >then the web-thing is absolutely something to consider.
> 
> What is your secret? Live next door to the server room? Should I move?
> Please share! :-) I'd like to hear some results from non-Trustix folk too.

Actually, the official mirrors are in the U.S. and I reside in Norway,
so I don't have that benefit.

> My connection is 5MB and swup takes 25-30 seconds for each
> invocation. It's always slow; the time is apparently spent in the
> "Fetching upgrade info" step,  if I flush-cache it jumps to 75 seconds.
> With 3.0 I am using mirrors and it's still slow. (I wonder if I can
> find faster mirrors or at least shinier ones?)

Sounds strange. What's your location? http.trustix.org is in J.C/N.J.

> >For swup to work for your user you simply need to import the required
> >gpg keys:
> >
> >[EMAIL PROTECTED] ~$ swup --import-key
> >/usr/share/tsl-gpgkeys-sunchild/trustix-sunchild.pub.gpg
> >Import of key(s) succeded.
> >[EMAIL PROTECTED] ~$ swup --import-key
> >/usr/share/tsl-gpgkeys-sunchild/trustix-sunchild-contrib.pub.gpg
> >Import of key(s) succeded.
> 
> Did you gasp and and say "I SIMPLY can't believe he doesn't know this?
> It's written, well, nowhere actually, but he doesn't know it??"

The fact that users can use swup is written near the top of the manual
page:

   It is typically a tool used by the system administrator, but can run
   automatically via a cron or at daemon, and the query functionality is
   also available for normal users.

I thought the error message would be clue enough when swup is executed
as user, but I was apparently wrong, sorry:

The PGP signature of latest.rdf could not be verified, possible issues are:
- The PGP key which this file is signed by, is not yet imported into swup.
- The systems clock is set horribly wrong.
- The file, or its signature file, was damaged during download.
- The file was not signed at all.


> 
> Suggestion 1: Put it in the man page near the top. I will put it in the 
> wiki.

What part? The part about having to import the gpg keys?

> Suggestion 2: Change the messages returned when a non-root/non-trusted
> user uses swup so that it is readable by first circle swup gurus.
> Currently it pumps out a long message about my system clock being
> wrong and about files not being trusted. It does this about 5 times or so
> (one for each repository), it takes about 60 seconds to do this.
> So I get slapped three times, the command does not work, it gives
> wordy unhelpful messages, and it takes a long time. Whoever wrote this
> clearly is trying to punish me. Why? What did I do? I try to be nice...

Naa, you're a bad boy, and you know it.

Actually I did my best at making the error messages as correct and
understandable as possible. I also tried to prioritize so that the most
common issue was the first listed. I'm sorry that tricked you into only
reading the system-clock thing. We need to have all the possible causes
listed, as it happens they are all correct.

> I am afraid I don't understand the key requirement.  If any user can
> import the keys but the command won't work until it's been done, 
> why not tell him what you are doing and just do it for him?

Because swup does not know where to find the keys. Swup is a generic
tool that works for many different distributions, and can't be
hard-coded to know the locations of every distros keys.

Anyway, you are right about 1 thing. It should be possible to configure
a key-url in each site section of the swup.conf of the system, letting
swup grab the missing key if the verification of the signature fails. I
have to think about possible security implications this may have.

> Psst -- it's spelled "suceeded" not "succeded" :-)

Issue a bug report.

> Yes -- I don't watch TV but I hear lots of people use the 30-60 second
> ad breaks for something else. swup is slow enough for me to check email.

If I where you I would consider setting up a local mirror, or check your
ISP for whatever problem they have.


kind regards


c

-- 
Christian H. Toldnes
Trustix Developer
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss

Reply via email to