- We need to be able to validate that the delta is correct before using it. We could
+ provide delta indices like we have packages - this does require pdiff support so we don't have to download the entire index everytime, as that would make deltas pointless for small updates
+ sign the deltas directly - but that's too slow, signatures are slow
+ provide one delta index per source package - might be useful compromise
- we need to uniquely identify package. I proposed we introduce a package id, based on the hash of the mtree (+ control fields maybe), but this does need mtrees first (or hashing the md5sum file)
- space usage on mirrors, how to keep this in check
Blocking points raised are:
- We need to be able to validate that the delta is correct before using it. We could
+ provide delta indices like we have packages - this does require pdiff support so we don't have to download the entire index everytime, as that would make deltas pointless for small updates
+ sign the deltas directly - but that's too slow, signatures are slow
+ provide one delta index per source package - might be useful compromise
- we need to uniquely identify package. I proposed we introduce a package id, based on the hash of the mtree (+ control fields maybe), but this does need mtrees first (or hashing the md5sum file)
- space usage on mirrors, how to keep this in check