On 2025-08-11, jslee <openbsd.li...@internetemails.net> wrote: > Like having unique stable paths for file versions, so that the > contents change, so does the URL,
I proposed something similar in the past but I think it was too complicated. > and then the CDN can cache each version forever. Snapshots rotate ~250GB every few days and a further 100 or so every week or two and it's not going to be accessed beyond a few days/weeks so I don't think much is going to get cached. > I assume this would require breaking changes to pkg_* tools and awho > knows how many users’ other machinery and thus a very unpleasant idea. It could be done with a non-breaking change (redirect on the server side, and have pkg_add use the redirected URL directly in subsequent fetches) but it would mean passing information from build/signing over to mirrors to have the redirect updated. It could also be done with a CGI to return the current path from some URL but that wouldn't work for traditional mirrors, and we don't really want active content on the main openbsd distribution sites. > cdn.openbsd.org appears to be on Fastly. Does the build machinery use > their API to submit invalidations for updated content? No. It's too complicated with the build/signing/output pipeline. It's on a short ttl for snapshots but that's all. For releases, the files don't change. For packages-stable, existing files do get re- signed but the contents within the wrapper don't change so they're equivalent so it doesn't matter which version you get. The main problem there is with fetches of the directory listing being cached so there can be a slight delay in clients noticing newly available files but it's not too bad. IMHO: For snapshots: CDN makes very little sense for rapidly changing (in the order of 2 days) files accessed by probably at most a few dozen users around the world, often behind different CDN endpoints, you're really not going to get a lot cached locally. Maybe a bit more cached at the cdn shield node in Canada but connectivity from there to the origin server isn't too bad anyway. For releases: I think it does make sense around release time but that's about it. Unless you're somewhere where your nearby CDN endpoint has better connectivity to Canada than you have to your nearest 'real' mirror then you're not going to get much out of it at all other than not having to think about what URL to type. -- Please keep replies on the mailing list.
