On Wed, Apr 29, 2009 at 6:24 PM, Adam Katz <antis...@khopis.com> wrote: > The mechanism for sa-update is brilliant, but > doesn't lend itself to enormous indices of frequently-changing rulesets.
I guess it depends what you mean by "enormous". A sought rule update is 135k. The likelihood is, imo, that you would probably split up your updates into multiple channels before they really got out of control in size. For example, you could do something like a weekly, daily, and sub-daily channel, and move rules appropriately between them. Yes, a little more of a PITA for clients, but how much churn do you really expect? > Justin: Perhaps sa-update could support [version].torrent in addition > to [version].tar.gz on each mirror? (This doesn't touch the current > DNS-based version/announce system.) Channels hosted for versions of > SA after the supporting release (e.g. 0.4.3.[channel] and "higher") > would be allowed to host only the torrent file. I had actually thought about doing a P2P sa-update so as to better withstand DoS issues, skip the need for a mirrored.by file, etc. But the main issue is that most channel updates are rather small, and so therefore the downloads are rather fast. Compared to doing a torrent, which takes relatively a long time to get setup, and just as you start, you're done. Also, it means clients are serving data, which makes the "quick sa-update and move on" more of a procedure and you have to worry about remote connectivity, etc, etc. In the end it didn't seem worthwhile beyond the security aspect, so I didn't move beyond the "thinking about" stage. (and yes, I know I'm not Justin. ;))
