> >2: if you're using a cdn it can be an issue with caching (e.g. if the > >small and more likely to be cached SHA256.sig is cached at an older > >version > > Re. a "cached SHA256.sig": > > How does that work - a file pulled from download-server memory? That's > possible, on a machine offering downloads? ... Please: could someone > tell me I got that wrong? ... ;)
A caching proxy will serve content from a local cache and only so often check the backend if the original files have changed, and as said, probably different lifetimes for small files than large. So you get either a new SHA256 file and old TGZs, or vice versa served from the caches of the CDN. -- May the most significant bit of your life be positive.
