Re: Scalability of OSTree



I think that makes sense, but since a "repo" in our / xdg-app's case
might contain thousands if not hundreds of thousands of branches (some
of our internal talk has been assuming stuff like ~100 new branches a
week), it seems like OSTree isn't designed to work well for the scale
we need.

I think we'll work on an independent system for shipping content to
users. Thanks.

On Fri, Dec 4, 2015 at 7:29 AM, Colin Walters <walters verbum org> wrote:


On Fri, Dec 4, 2015, at 03:28 AM, Alexander Larsson wrote:
On tor, 2015-12-03 at 15:21 -0800, Jasper St. Pierre wrote:
Interesting. There are other issues with the summary file for us (all
branches being public), and we expect to scale significantly in the
future, so having an ever-growing file the client has to download
isn't particularly appealing.

Is there anything the summary file does that couldn't be better
approached through per-branch files in the repo itself?

Well, the main point of a summary file is that it gives you a way to
enumerate all branches on a dumb http server. I don't actually know why
we need to read the summary file at all if you pull only a single named
branch.

Another intended use case was GPG signatures on static deltas.  While
thanks to you we do now also support per-object verification, the I think
it's a lot stronger from a security perspective to do the verification
before parsing the delta at all (particularly for things like bsdiff).

The analogy is that summary file is like rpm-md (yum) repomd.xml.
That can be GPG signed, and doing so has a lot of advantages
over per-RPM signatures (see http://theupdateframework.com/ )

Maybe we could introduce a third variant where the delta header
is detached signed...but things are already complex in this area,
and what I'd hoped to achieve with the signed summary file
was easy to audit and manage GPG signature covering a whole
repo.

For internet updates, I do think pinned TLS plus per-commit
signatures provides a good balance.  That would mean for
static deltas we aren't doing GPG verification, but it'd
still be available offline via `ostree show` etc.
_______________________________________________
ostree-list mailing list
ostree-list gnome org
https://mail.gnome.org/mailman/listinfo/ostree-list



-- 
  Jasper


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]