incubator-depot-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark R. Diggory" <>
Subject Re: MD5 and Mirrors ( was Re: MD5 Hash )
Date Wed, 11 Feb 2004 17:37:10 GMT
Its a tough call, is there any "standard" for the structure of the md5 
contents out there? I think the Maven team would be keen to play along 
with a standard and yet play along with any configurability as well.

-Mark Diggory

Markus M. May wrote:
> Adam is perfectly right about this stuff. There is one more thing we need to
> think about. Some repositories treat md5-files different. The structure on
> is [filename - MD5 Hash]. But on ibiblio (maven-repository) it is
> just [MD5 Hash]. So this needs to be somehow configurable. 
> One more thing to think about :-)
>>Nick wrote:
>>>The MD5 should always come from the authoritative source (
>>>using https.
>>I'm not sure if all environments (JVMs) have HTTPS available. In a
>>perfect world we'd try HTTPS and if it failed try HTTP, unless some
>>security' was requested.
>>I think we'll have to experiment and experince this area over
>>>How are we going to know what the "authoritative" source for a resource
>>>For java we could enforce a reverse domain name.
>>Four things:
>>1) Repository URI/URL is what it is (whatever it is) and the URL for the
>>ought be the URL for the resources plus ".md5" on the end.
>>2) As current Ruper thinking (coding) goes ... Mirrors ought mirror the
>>hierarchy, so wherever a resource is in the repo, the .md5 ought be next
>>it, and the original .md5 ought be in exactly the same relative position
>>(just relative to an apache root).
>>3) Mirroring is kinda hacked into Ruper right now, it silently moves the
>>root of a repository (originally set relative to the mirror locator CGI
>>script) to one such mirror. As such Ruper doesn't really know about
>>4) We probably need to rethink current thinking... ;-)

Mark Diggory
Software Developer
Harvard MIT Data Center

View raw message