-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, 13 Dec 2019, Giancarlo Razzolini wrote:
Em dezembro 13, 2019 8:39 Allan McRae escreveu:
Hi all,
I have made a start at adding an expiry time to repo databases. See
the three patches here:
https://patchwork.archlinux.org/bundle/Allan/repo_timestamp/
My question is, what should we do once a database is determined to be
expired? Follow the example of a bad signature, and refuse to load it
at all? Just refuse to install anything from it, but still enable
searching etc?
Just deciding "bad repo, don't use" will be much easier to implement...
Comments?
I'd go with, if expired, don't touch it *at all*. Even searching from then
should not be allowed.
I'm also in favour of this approach. We need some possibility to ignore
the expiration anyways (e.g. change config option or more convenient: some
command line flag to override the value from the config file), because
otherwise it becomes impossible to install from an archived repository.
Regards,
Giancarlo Razzolini
Regards,
Erich
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl3zi2MACgkQCu7JB1Xa
e1o4Dg//fQpcgXZlD5v3zSyEX3Nd6/CUQhpODypFK0F8Wzt/zi/LONoR9R/Z41Ww
JZsrbDbkjux/8N1Ef2/rvR43TTVkNouiaEUQ5nPvTICdF/OT5ZD0Rsxxiv3ihAU/
csHB8ZPtzRbBIPDrtdvFD2O2sRzE7jQA8enm3tm74nI5XgWOgs0n36PAj23nA/Q8
H+OC2QHvhRPVL1KL4jJehBHA4c6sL21Kao8KWMbqiCloP5smTwtwQpwKgDZBPLu8
htFf2BLftJlqrI5TrbLbmrPsU+5sqqTxOvE6YP9fPfbFU4asnIZ5CrbJq7H9CvFI
LuomryLYv9SS4xEHznCVOAU7WGajD6Squ2L7Naz+eWv5oBBeV7c1aibmb17CvFFd
S3UYNli4S1X//L3FojTAnGoQHXQgBgCKWj3prowZjw9fHtTQyruwiMkdRs7KdyJG
iwokGdYJg3xwK5Cz+HOY7vlfPQQ5fXX6U/r3FAKaEBx4SMSwPL5+JpD7HYA7BpFs
L4vfbjKm+xijOwsQ5wzep7PbEBkHh63wWySPqNzcxHs5v2JY1/+HsvcXjnO7dHDe
uYDofgslLOB8dvaAIEdhX/5NAwNXGmQwHZZs2vxcBahGV9a9m9oJ0cKu2TkI7TOE
xLDFEjy/0Uwj/BtPKWw4UbO4ArPF/VB7cXTu9DNWCJ/AD3AyWA4=
=S1BH
-----END PGP SIGNATURE-----
