[Catalog-sig] PyPI mirrors are all up to date
"Martin v. Löwis"
martin at v.loewis.de
Mon Apr 16 23:57:51 CEST 2012
> Maybe a better checksum would be a global hash calculated differently ?
Define a protocol, and I present you with an implementation that
conforms to the protocol, and still has inconsistent data, and not
in a malicious manner, but due to bugs/race conditions/unexpected
events. It's pointless. Ultimately, clients will need to verify the
data that they receive (if they suspect issues), and fall back gracefully.
> I can definitely see a mirroring implementation where the
> last-modified field is updated at the end while some packages are not
> copied over at the end for whatever network issue.
That mirroring implementation would violate the principle that
last-modified should only be updated when the mirroring run was
completed successfully.
Regards,
Martin
More information about the Catalog-SIG
mailing list