On Fri, 2004-10-22 at 03:36 +0200, Tobias Hertkorn wrote: > a request for http://yourserver/testing/..../apache....deb will not create a > hit if requested as http://yourserver/sid/..../apache...deb . Furthermore > requests to similar mirrors will not create cache hits. So everybody has to > use the same sources list, down to the same requests by symlinks.
Yep, that's annoying and it's one of the reasons for the flat cache design in apt-cacher: if clients fetch the same package from different mirrors it will cause a cache hit since the package names are the same. However, something that was raised at Debian Miniconf2 (IIRC) was that this allows cache poisoning: by creating a compromised package and sticking it on any random web server, a cracker can then fetch the package themselves through the cache and any user who subsequently fetches it (even using a genuine mirror in the sources.list) will get the poisoned package. Good argument for package signatures. Cheers :-) Jonathan Oxer -- The Debian Universe: Installing, managing and using Debian GNU/Linux http://www.debianuniverse.com/
