-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Patrick Lauer wrote:
>>> The metadata cache is "inert" in the sense that it isn't executable
>>> code (and if anyone tries to execute it ... "You're doing it wrong"
>>> comes to mind"), so adding it does not pessimize the situation.
>> But generating t
On Sun, 21 Jun 2009 17:00:01 +0200
Patrick Lauer wrote:
> > But generating that cache means running code, and one of the things
> > that code could do is modify every overlay distributed by the box in
> > question such that anyone using any of those overlays will run
> > arbitrary code whenever th
> > The metadata cache is "inert" in the sense that it isn't executable
> > code (and if anyone tries to execute it ... "You're doing it wrong"
> > comes to mind"), so adding it does not pessimize the situation.
>
> But generating that cache means running code, and one of the things
> that code co
On Sun, 21 Jun 2009 10:43:27 +0200
Patrick Lauer wrote:
> > > > How much do you trust the people running the overlays listed in
> > > > layman?
> > >
> > > VirtualBox.
> >
> > And how do you use VirtualBox to prevent one malicious person from
> > running arbitrary code on the system of anyone usin
On Saturday 20 June 2009 21:00:46 Ciaran McCreesh wrote:
> On Sat, 20 Jun 2009 20:40:17 +0200
>
> Patrick Lauer wrote:
> > > Have you thought about the security implications of this?
> >
> > Yes.
> >
> > > How much do you trust the people running the overlays listed in
> > > layman?
> >
> > Virtua
On Sat, 20 Jun 2009 20:40:17 +0200
Patrick Lauer wrote:
> > Have you thought about the security implications of this?
> Yes.
>
> > How much do you trust the people running the overlays listed in
> > layman?
>
> VirtualBox.
And how do you use VirtualBox to prevent one malicious person from
runnin
On Saturday 20 June 2009 20:22:22 Ciaran McCreesh wrote:
> On Sat, 20 Jun 2009 18:46:33 +0200
>
> Patrick Lauer wrote:
> > Generating the metadata cache isn't that expensive - it took about 45
> > minutes to initially check out almost everything layman provided and
> > then about an hour for the f
On Sat, 20 Jun 2009 18:46:33 +0200
Patrick Lauer wrote:
> Generating the metadata cache isn't that expensive - it took about 45
> minutes to initially check out almost everything layman provided and
> then about an hour for the first run. Consecutive runs should be much
> faster and can be run in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Patrick Lauer wrote:
> The only issue I have found with this idea relates to eclasses - overriding
> in-tree eclasses to be precise. The problem there is that it invalidates in-
> tree metadata and potentially affects other overlays too. So that's a b
Just a FYI
On 20-06-2009 18:46:33 +0200, Patrick Lauer wrote:
> If I don't get distracted I might set up a proof of concept public
> rsync server providing the main repo plus all overlays I can throw in,
> but it'd have a low initial update frequency (6h to daily).
Note that the Prefix rsync tree
Hello everybody,
those of us using overlays might have noticed that they can seriously slow
down dependency calculation. This is mostly because of the lack of a metadata
cache.
For overlay maintainers providing a metadata cache is quite tricky because to
be really consistent and useful it'd hav
11 matches
Mail list logo
