[Catalog-sig] PyPI mirrors are all up to date

Donald Stufft donald.stufft at gmail.com
Tue Apr 17 19:57:11 CEST 2012 

On Tuesday, April 17, 2012 at 9:45 AM, martin at v.loewis.de wrote:
> > So you were updating a directory but serving another directory ?
> > 
> > But then updating the right last-modified page people were seeing ?
> 
> It probably would have updated an unpublished last-modified as well.
> 
> For a similar issue, in appengine, I had duplicate File objects in the
> database, and always served the one that GQL happened to return first.
> In that case, both last-modified and the checksum might update correctly,
> but still, the wrong file might get served.
> 
> > I am not sure why we're having this discussion since it's 
> > implementation details, but it's fun :)
> > 
> 
> 
> I'm still trying to prove my claim that it's not feasible to increase
> the trustworthiness of a mirror by computing some kind of checksum.
> If the mirror has some systematic or random error, it may well be that
> the checksum is as-expected, yet the mirror is inconsistent.
> 
> 

As I thought more about this, I think it is actually feasible. It's not feasible to
increase it to 100%, but in this case, assuming a bug over malevolence, the
bug would have to affect both the updating of the last-modified and the checksum
generation.

It's essentially the same thing as asking another person to check over some work,
that person could miss something, or also be wrong, but it decreases the likelihood
by adding another piece of verification. 
> 
> > If there's interest I can write a multiprocess-based script that 
> > keeps a md5 database up-to-date
> > 
> 
> 
> That's besides the point. The question is whether doing so would practically
> help to improve the consistency, and I believe the answer is: no. It may help
> to increase people's trust (which is a subjective manner), which may be
> worthwhile itself, but may also backfire if they download inconsistent files
> despite the mirror giving "proof" that it is consistent.
> 
> Regards,
> Martin
> 
> 
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org (mailto:Catalog-SIG at python.org)
> http://mail.python.org/mailman/listinfo/catalog-sig
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20120417/2acf320e/attachment-0001.html>

More information about the Catalog-SIG mailing list