Re: Scalability of OSTree

On Fri, Dec 4, 2015, at 03:28 AM, Alexander Larsson wrote:
> On tor, 2015-12-03 at 15:21 -0800, Jasper St. Pierre wrote:
> > Interesting. There are other issues with the summary file for us (all
> > branches being public), and we expect to scale significantly in the
> > future, so having an ever-growing file the client has to download
> > isn't particularly appealing.
> >
> > Is there anything the summary file does that couldn't be better
> > approached through per-branch files in the repo itself?
>
> Well, the main point of a summary file is that it gives you a way to
> enumerate all branches on a dumb http server. I don't actually know why
> we need to read the summary file at all if you pull only a single named

Another intended use case was GPG signatures on static deltas.  While
thanks to you we do now also support per-object verification, I think
it's a lot stronger from a security perspective to do the verification
before parsing the delta at all (particularly for things like bsdiff).

The analogy is that the summary file is like rpm-md (yum) repomd.xml.
That can be GPG signed, and doing so has a lot of advantages
over per-RPM signatures (see )

Maybe we could introduce a third variant where the delta header
is detached signed...but things are already complex in this area,
and what I'd hoped to achieve with the signed summary file
was an easy to audit and manage GPG signature covering a whole

For internet updates, I do think pinned TLS plus per-commit
signatures provides a good balance.  That would mean for
static deltas we aren't doing GPG verification, but it'd
still be available offline via `ostree show` etc.
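
The verify-before-parse ordering argued for above, as an added example that is not part of the original message or of OSTree's code: one signature covers a summary, the summary binds each delta by digest, and the delta parser only ever sees bytes that passed both checks. Assumptions: HMAC-SHA256 with a constructed key stands in for the GPG detached signature, the summary is a JSON index of delta digests, and `parse_delta` is a hypothetical parser.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a constructed key stands in for the GPG detached
# signature so the example stays stdlib-only; the ordering of checks is the point.
KEY = b"constructed-demo-key"
PARSE_CALLS = []  # records every blob that actually reached the parser

def sign(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def make_summary(deltas: dict) -> tuple:
    """Publisher side: one signature over an index of delta name -> SHA-256."""
    index = {name: hashlib.sha256(blob).hexdigest() for name, blob in deltas.items()}
    summary = json.dumps(index, sort_keys=True).encode()
    return summary, sign(summary)

def parse_delta(blob: bytes) -> dict:
    """Hypothetical delta parser: the complex code to keep away from unverified bytes."""
    PARSE_CALLS.append(blob)
    header, _, payload = blob.partition(b"\n")
    return {"header": header.decode(), "payload_len": len(payload)}

def fetch_and_parse(name: str, blob: bytes, summary: bytes, sig: bytes) -> dict:
    # 1. Authenticate the summary before decoding any of its fields.
    if not hmac.compare_digest(sign(summary), sig):
        raise ValueError("summary signature invalid")
    index = json.loads(summary)
    # 2. Bind the delta bytes to the signed digest before the parser sees them.
    expected = index.get(name)
    if expected is None:
        raise ValueError("delta not listed in signed summary")
    if not hmac.compare_digest(hashlib.sha256(blob).hexdigest(), expected):
        raise ValueError("delta digest mismatch")
    # 3. Only now hand the bytes to the parser.
    return parse_delta(blob)

if __name__ == "__main__":
    deltas = {"from-to": b"delta v1\npayload-bytes"}  # constructed sample delta
    summary, sig = make_summary(deltas)
    print(fetch_and_parse("from-to", deltas["from-to"], summary, sig))
    try:
        fetch_and_parse("from-to", b"delta v1\ntampered", summary, sig)
    except ValueError as err:
        print("rejected before parsing:", err, "| parser calls:", len(PARSE_CALLS))
```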
