From:
[email protected]
On Mon, Aug 16, 2004 at 11:00:49AM +0200, Chris Halls wrote:
On Mon, 2004-08-16 at 10:13, Bastian Blank wrote:
apt-proxy happily provides access to not matching Releases and Packages files.
Please provide enough information for Otavio to be able to do something
with this bug. This is not enough information to reproduce a bug, and I don't even understand what this sentence is supposed to mean. apt-proxy doesn't tamper with the Releases or Packages files, it passes them
unmodified from the backend. Please describe exactly what has gone
wrong for you.
The dists part of the archive contains the following files:
$distribution/Release $distribution/$component/binary-$architecture/{Release,Packages{,.gz,.bz2}} $distribution/$component/source/{Release,Sources{.gz,.bz2}}
The first file includes checksums of the other files.
Some of the clients (apt/experimental, debootstrap) fetches the overall
Release file and checks the checksums of the files. Some (apt/unstable)
don't.
The following things happens:
- a normal client requests the Packages file, it is in the cache now.
- the mirror gets an update.
- a client requests the Release file
- the same client requests the cached Packages file
The checksums does not match if this happens.
Bastian
--
Not one hundred percent efficient, of course ... but nothing ever is.
-- Kirk, "Metamorphosis", stardate 3219.8
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iEYEARECAAYFAkEgfNgACgkQnw66O/MvCNEf0gCfVOCU0OoVkKH/MzRGrPTBMtig FI8AoK1e+gudCgTW/mVTD/y1MYdvibzF
=kitG
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)