[Dev] Mirrors vulnerability issue, Many outdated installs in the wild
Denis 'GNUtoo' Carikli
GNUtoo at no-log.org
Sun Feb 14 18:32:04 GMT 2016
On Sat, 13 Feb 2016 23:06:38 +0100
Denis 'GNUtoo' Carikli <GNUtoo at no-log.org> wrote:
Someone mentioned reflector to me on IRC:
> usage: Reflector.py [-h] [--connection-timeout n] [--list-countries]
> [--cache-timeout n] [--save <filepath>]
> [--sort {score,delay,rate,age,country}]
> [--threads n] [--verbose] [--info] [-a n] [-c <country>] [-f n]
> [-i <regex>] [-x <regex>] [-l n] [-n n] [-p
> <protocol>]
>
> retrieve and filter a list of the latest Parabola GNU/Linux-libre
> mirrors
>
> optional arguments:
> -h, --help show this help message and exit
> --connection-timeout n
> The number of seconds to wait before a
> connection times out.
> --list-countries Display a table of the distribution of
> servers by country.
> --cache-timeout n The cache timeout in seconds for the data
> retrieved from the Parabola GNU/Linux-libre Mirror Status API.
> The default is 300 (5 minutes).
> --save <filepath> Save the mirrorlist to the given path.
> --sort {score,delay,rate,age,country}
> Sort the mirrorlist. "score": MirrorStatus
> score; "delay": MirrorStatus delay; "rate": download rate;
> "age": last server synchronization; "country":
> server's location.
> --threads n The number of threads to use when rating
> mirrors. --verbose Print extra information to STDERR.
> Only works with some options.
> --info Print mirror information instead of a mirror
> list. Filter options apply.
>
> filters:
> The following filters are inclusive, i.e. the returned list will
> only contain mirrors for which all of the given conditions are met.
>
> -a n, --age n Only return mirrors that have synchronized in
> the last n hours. n may be an integer or a decimal number.
> -c <country>, --country <country>
> Match one of the given countries
> (case-sensitive). Use "--list-countries" to see which are available.
> -f n, --fastest n Return the n fastest mirrors that meet the
> other criteria. Do not use this option without other
> filtering options.
> -i <regex>, --include <regex>
> Include servers that match <regex>, where
> <regex> is a Python regular express.
> -x <regex>, --exclude <regex>
> Exclude servers that match <regex>, where
> <regex> is a Python regular express.
> -l n, --latest n Limit the list to the n most recently
> synchronized servers.
> -n n, --number n Return at most n mirrors.
> -p <protocol>, --protocol <protocol>
> Match one of the given protocols, e.g.
> "http", "ftp".
It's in libre/reflector 2015.12-1.parabola1 and uses python3.
If used by default:
-> Would the "base" package pull out many more dependencies?
-> Are the slower systems(very few RAM, slow storage) such as many ARM
boards still usable?
If all is fine, maybe pacman.conf could be tricked to use it.
Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20160214/d5dcaffe/attachment.sig>
More information about the Dev
mailing list