[Piuparts-devel] Bug#884899: piuparts-master: piuparts-report should validate Packages hashes against Release
Andreas Beckmann
anbe at debian.org
Thu Dec 21 04:29:04 UTC 2017
Package: piuparts-master
Severity: important
As a protection against network problems piuparts-report should validate
the downloaded Packages and Sources files against the md5/sha* hashes in
the Release files. There is no point in verifying the Release signatures
(that is done by apt in the slave chroot anyway).
I had just observed that piuparts-report archived half a section after
it downloaded a partial Packages.xz due to some network problems. That
probably didn't result in a (ignored) download error.
piuparts-master could do the same, but the impact there will be much
smaller: it might not send out new work or discard the logfiles it
receives.
As a quick hack to limit the impact of network glitches we should limit
the archival to 1000 packages per section and piuparts-report run.
Andreas
More information about the Piuparts-devel
mailing list