Hi Le jeu. 2 déc. 2021 à 11:36, Yadd <y...@debian.org> a écrit :
> > Another idea to have a compromise: > * uscan is released with versioned schemes (GitHub.json, sf.json,...) > * when launched, it tries to download new version from a new Debian API > (static json files) > * if no response or no new version, uscan uses its own scheme or a > previously downloaded update (verifying signature) > * if a new version is available from new redirector: > * it verifies GPG signature of new scheme > * if not OK, it warns and uses cached scheme > * if OK, it stores it with signature in ~/.cache/uscan/schemes > What I don't like is that it will need time to check new profiles on a central site, which looks like an invitation for DoS situations. I propose a variation of this: an explicit "uscan --update" will update the profiles, and all other calls will use the known profiles. Cheers, J. Puydt