Posted Jul 17, 2008 3:59 UTC (Thu) by IkeTo (subscriber, #2122)
Parent article: Trust and mirrors
Hm... if the worry is simply that some mirrors never update, distributions can simply have a
canonical address (like "last updated") and have everybody contact it to know what is the
current version of the canonical server. When one does an update, it checks whether the mirror
is too old, and if so, warns the user. "Endless" data can also be easily dealt with: the
distribution can organize to accompany each transfer with a leading fixed-length, signed
field that contains the expected length of the package.
So essentially, if cryptography didn't solve your problem, just use more of it.
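
A sketch of the two checks proposed in the comment above, added here as an example and not part of the original comment or of any distribution's tooling. Assumptions: HMAC-SHA256 with a demo key stands in for the distribution's public-key signature, the header layout and all function names are hypothetical, and the package name is bound into the signed data so a header cannot be reused for another package.

```python
import hashlib, hmac, io, struct

# Assumption: HMAC-SHA256 with a demo key stands in for the distribution's
# public-key signature so the example runs with the standard library only.
KEY = b"constructed-demo-key"
HEADER = struct.Struct(">Q32s")  # 8-byte length + 32-byte tag: fixed 40 bytes

def _tag(name: str, length: int) -> bytes:
    # Bind the length to the package name so a header cannot be reused
    # for a different package (an addition to the comment's idea).
    msg = name.encode() + b"\x00" + struct.pack(">Q", length)
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def make_transfer(name: str, payload: bytes) -> bytes:
    """Distribution side: prefix the payload with the signed length header."""
    return HEADER.pack(len(payload), _tag(name, len(payload))) + payload

def read_transfer(name: str, stream, chunk: int = 4096) -> bytes:
    """Client side: never read more than the signed length from the mirror."""
    raw = stream.read(HEADER.size)
    if len(raw) != HEADER.size:
        raise ValueError("short header")
    length, tag = HEADER.unpack(raw)
    if not hmac.compare_digest(tag, _tag(name, length)):
        raise ValueError("bad header signature")
    buf = bytearray()
    while len(buf) < length:
        piece = stream.read(min(chunk, length - len(buf)))
        if not piece:
            raise ValueError("truncated transfer")
        buf += piece
    if stream.read(1):  # one probe byte is enough to detect an endless stream
        raise ValueError("mirror sent more than the signed length")
    return bytes(buf)

def mirror_is_stale(canonical_ts: int, mirror_ts: int, max_lag: int) -> bool:
    """Compare the canonical 'last updated' value with the mirror's."""
    return canonical_ts - mirror_ts > max_lag

class EndlessStream:
    """Constructed misbehaving mirror: valid transfer, then data forever."""
    def __init__(self, prefix: bytes):
        self._prefix = io.BytesIO(prefix)
    def read(self, n=-1):
        return self._prefix.read(n) or b"A" * max(n, 1)
```

The client reads at most the signed length plus one probe byte, so a mirror that keeps sending data is cut off after a bounded amount of work.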