Hi! There is one thing in the Internet Draft that I'd like to bring to our attention. Section 4.2.18 sets up a a strong requirement: All IRIs MUST lead to identical files.
While surely this would be the intention, in practice I know more examples where this either isn't the case, and albeit attempted it is hard to assure. Content verification is there to help -- one of the purposes of metalinks. It might make sense to put this in a different way. Without any content verification being done (well, it is optional!), it is a relatively hard requirement to make. When a content delivery infrastructure reaches a certain scale, it becomes difficult though, as we know. In particular this is true for collaborative mirror networks formed by volunteers, where, in fact, the referenced IRIs might be outside of the control of the content provider at all. (Security comes into play here as well.) I would tend to make this a SHOULD, for practical reasons. Also, the text could/should expand both on the implications. Alternatively, would the following be an idea? All referenced IRIs SHOULD lead to identical resources, if the Metalink includes a "metalink:verification" container with at least one "metalink:hash" element. All referenced IRIs MUST be identical, if the latter is not the case. What do you think? Peter -- "WARNING: This bug is visible to non-employees. Please be respectful!" SUSE LINUX Products GmbH Research & Development
pgpzlBVDlnMDW.pgp
Description: PGP signature
