On Thu, 18 Feb 2010 23:13:53 -0000, John A Meinel <email address hidden> wrote:
> If you look at it, this is because there are potentially many Ubuntu
> packages based on the same orig.tar.gz. It doesn't seem to care that the
> file exists locally with the same name. (It would overwrite it each
> time.)
Oops.
> This is also being run from within a single process, so it would likely
> be able to say "I just downloaded that, trust that it is accurate".
>
> Now the full url is different, so maybe we can't trust it?
We can as long as we don't trust it to be the same from different
distributions.
A cache based on hashes would be perfectly safe, but a little more work.
Without looking I don't know whether the cross-distribution requirement
means it would be just as easy to do the cache.
On Thu, 18 Feb 2010 23:13:53 -0000, John A Meinel <email address hidden> wrote:
> If you look at it, this is because there are potentially many Ubuntu
> packages based on the same orig.tar.gz. It doesn't seem to care that the
> file exists locally with the same name. (It would overwrite it each
> time.)
Oops.
> This is also being run from within a single process, so it would likely
> be able to say "I just downloaded that, trust that it is accurate".
>
> Now the full url is different, so maybe we can't trust it?
We can as long as we don't trust it to be the same from different
distributions.
A cache based on hashes would be perfectly safe, but a little more work.
Without looking I don't know whether the cross-distribution requirement
means it would be just as easy to do the cache.
Thanks,
James