Dr. Peter Pöml wrote:
Any serious operating system update client / download tool should do something
like this
apt is pretty good at refusing files that don't match what it expected.
The "release" file is signed with
a gpg key and then there is a chain of hashes leading from the release
file to the "packages" file and
then down to the actual binary packages and files that make up source
packages.
What it won't do is automatically retry stuff that was not found or
found to be corrupted, that is
down to the user to reissue the command.
Even if the mirror was atomically updated its still possible for users
to get 404 errors since their
package lists may be out of date.
_______________________________________________
mirrorbrain mailing list
Archive: http://mirrorbrain.org/archive/mirrorbrain/
Note: To remove yourself from this mailing list, send a mail with the content
unsubscribe
to the address mirrorbrain-requ...@mirrorbrain.org
