[Dev] Mirrors vulnerability issue, Many outdated installs in the wild

Denis 'GNUtoo' Carikli GNUtoo at no-log.org
Sun Feb 14 18:32:04 GMT 2016

On Sat, 13 Feb 2016 23:06:38 +0100
Denis 'GNUtoo' Carikli <GNUtoo at no-log.org> wrote:

Someone mentioned reflector to me on IRC:
> usage: Reflector.py [-h] [--connection-timeout n] [--list-countries]
>                     [--cache-timeout n] [--save <filepath>]
>                     [--sort {score,delay,rate,age,country}]
> [--threads n] [--verbose] [--info] [-a n] [-c <country>] [-f n]
>                     [-i <regex>] [-x <regex>] [-l n] [-n n] [-p
> <protocol>]
> retrieve and filter a list of the latest Parabola GNU/Linux-libre
> mirrors
> optional arguments:
>   -h, --help            show this help message and exit
>   --connection-timeout n
>                         The number of seconds to wait before a
> connection times out.
>   --list-countries      Display a table of the distribution of
> servers by country.
>   --cache-timeout n     The cache timeout in seconds for the data
> retrieved from the Parabola GNU/Linux-libre Mirror Status API.
>                         The default is 300 (5 minutes).
>   --save <filepath>     Save the mirrorlist to the given path.
>   --sort {score,delay,rate,age,country}
>                         Sort the mirrorlist. "score": MirrorStatus
> score; "delay": MirrorStatus delay; "rate": download rate;
>                         "age": last server synchronization; "country":
>                         server's location.
>   --threads n           The number of threads to use when rating
> mirrors. --verbose             Print extra information to STDERR.
> Only works with some options.
>   --info                Print mirror information instead of a mirror
> list. Filter options apply.
> filters:
>   The following filters are inclusive, i.e. the returned list will
> only contain mirrors for which all of the given conditions are met.
>   -a n, --age n         Only return mirrors that have synchronized in
> the last n hours. n may be an integer or a decimal number.
>   -c <country>, --country <country>
>                         Match one of the given countries
> (case-sensitive). Use "--list-countries" to see which are available.
>   -f n, --fastest n     Return the n fastest mirrors that meet the
> other criteria. Do not use this option without other
>                         filtering options.
>   -i <regex>, --include <regex>
>                         Include servers that match <regex>, where
> <regex> is a Python regular express.
>   -x <regex>, --exclude <regex>
>                         Exclude servers that match <regex>, where
> <regex> is a Python regular express.
>   -l n, --latest n      Limit the list to the n most recently
> synchronized servers.
>   -n n, --number n      Return at most n mirrors.
>   -p <protocol>, --protocol <protocol>
>                         Match one of the given protocols, e.g.
> "http", "ftp".

It's in libre/reflector 2015.12-1.parabola1 and uses python3.
If used by default:
-> Would the "base" package pull out many more dependencies?
-> Are the slower systems(very few RAM, slow storage) such as many ARM
   boards still usable?

If all is fine, maybe pacman.conf could be tricked to use it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20160214/d5dcaffe/attachment.sig>

More information about the Dev mailing list