On Tue, Sep 18, 2007 at 08:57:37AM +0100, Mark Hindley wrote: > I have just taken over maintaining apt-cacher. > > This is obviously a major problem that was not envisaged by the > design of apt-cacher. > > I am wondering if we can get round it by running separate apt-cacher > daemons on different ports with different caches using different > upstream for ubuntu and debian.
I do this. It avoids the immediate problem of ACCIDENTAL name clashes between Ubuntu and Debian, but does not prevent a malicious user from inserting their own packages into apt-cacher's cache. > We could use the allowed_locations option to limit which repository > was available through each daemon and avoid cross pollution. > > I think I might need to change some of the allowed_locations code to > make this work properly > > Thoughts? I would prefer some way for apt-cacher to either deduce or be explicitly told which repositories that it's proxying for can safely be "merged". For example, it could have a hard-coded list of all Debian primary and secondary mirrors and know that these can share the same cache, but that it needs to store archive.ubuntu.com elsewhere on disk. The advantage of this method is that only "whitelisted" sharing happens, so if a new distribution turns up tomorrow the admin doesn't need to set up yet another instance of apt-cacher on another port. This approach would require reorganizing the disk layout.
signature.asc
Description: Digital signature
