[Hamara-devel] discussion about decreasing packaging overhead in debian
Jonas Smedegaard
dr at jones.dk
Thu Nov 19 13:57:37 GMT 2015
Quoting Vikas Tara (2015-11-19 14:17:37)
> On 19/11/15 12:40, Jonas Smedegaard wrote:
>> Quoting Vikas Tara (2015-11-19 12:56:43)
>>> Am thinking of an apt repo that can be downloaded from us as a usb
>>> image. It should be signed with our keys so that hamara
>>> installations that update from such a medium, ought to complain if
>>> it's been tampered with.
>> Ah, so you don't wanna encourage folks to _create_ repos but instead
>> to mirror _your_ repo. Makes sense.
>>
>> How will you then handle security updates?
> Periodically update the usb image - I think we can automate that
> pretty easily. Monthly drops maybe?

Pooling updates together works well for feature fixes/improvements, but
for security fixes would leave your users vulnerable for up to 29 days!

>>>> A safer option is to use a proxy - I use approx when in bandwidth
>>>> limited - or even completely offline - environments.
>>> Yeah - works too - but might require the user to have greater
>>> expertise?
>> A proxy requires someone to set it up. Just as a custom-composed
>> signed repo requires someone to set it up. That someone can be a
>> skilled user, or a non-skilled user with distributor-provided
>> user-friendly wrappers.
>>
>> I recommend proxy because it is generic, so if some (you?) created
>> e.g. an LXDE GUI interface to flushing stale proxy data and injecting
>> new packages from untrusted sources like USB sticks, then that work
>> would instantly be usable globally, not unique to one distributor.
>>
>> You might also consider apt-offline - and its GUI apt-offline-gui.
> Yeah - I like that idea!

Which one? Inventing a proxy GUI, or using existing apt-offline GUI?

If the former, then here's what I think would be needed:

Information:

* space used (df -h --output=pcent /var/cache/approx/ | tail -n 1)
* mode (check $offline in /etc/approx/approx.conf)

Actions:

* go offline (enable $offline in /etc/approx/approx.conf)
* go online (disable $offline in /etc/approx/approx.conf)
* supercharge (file chooser to pick dir → approx-import)
* purge (approx-gc -f)
* reset (rm -rf /var/cache/approx/*)

- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
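
Added example, not part of the original message and not code from approx or Hamara: a shell sketch of the back-end a GUI would need for the "space used", "mode", "go offline" and "go online" items listed in the message. The function names and the `APPROX_CONF`/`APPROX_CACHE` variables are hypothetical; it assumes approx.conf holds whitespace-separated `name value` lines with `#` comments, and that `$offline` is false when no active line sets it.

```shell
#!/bin/sh
# Added example: helpers for the approx "mode" and "space used" items.
# Assumptions: approx.conf uses "name value" lines, '#' starts a comment,
# and $offline defaults to false when it is not set.
APPROX_CONF="${APPROX_CONF:-/etc/approx/approx.conf}"
APPROX_CACHE="${APPROX_CACHE:-/var/cache/approx}"

# Print "offline" or "online" based on the last active $offline line.
# Commented-out lines ("#$offline true") are ignored.
approx_mode() {
    awk '
        $1 == "$offline" { v = tolower($2) }
        END {
            if (v == "true" || v == "yes" || v == "on" || v == "1")
                print "offline"
            else
                print "online"
        }
    ' "$APPROX_CONF"
}

# Set $offline to true or false: rewrite the first active line, drop any
# duplicates, or append the setting if there is none. Every other line
# (repository mappings, comments) is copied through unchanged.
approx_set_offline() {
    case "$1" in
        true|false) ;;
        *) echo "usage: approx_set_offline true|false" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    if awk -v val="$1" '
        $1 == "$offline" { if (!done) print "$offline " val; done = 1; next }
        { print }
        END { if (!done) print "$offline " val }
    ' "$APPROX_CONF" > "$tmp"; then
        # Overwrite in place so the file keeps its owner and mode.
        cat "$tmp" > "$APPROX_CONF"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Percentage of the cache filesystem in use (command from the list above;
# --output is a GNU df option).
approx_cache_usage() {
    df -h --output=pcent "$APPROX_CACHE" | tail -n 1 | tr -d ' '
}
```

Writing the real `/etc/approx/approx.conf` needs root, so a GUI front end would call `approx_set_offline` through a narrowly scoped privileged helper rather than running the whole interface as root.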