Received: from mail.cmpwn.com (mail.cmpwn.com [45.56.77.53]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 8DE22782C0D for <~alpine/devel@lists.alpinelinux.org>; Thu, 16 Jan 2020 15:19:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cmpwn.com; s=cmpwn; t=1579187942; bh=WBFOG97h1AeTde/X9ajwPsjtmtiTHi4psSRVHGJMc/4=; h=In-Reply-To:Date:From:To:Cc:Subject; b=bTDjy0jw3VoCA/ym9CXNR9966Z+0U9XkPlcsbZmDKYYYPXazgLklcHWHmZ6nsfNLO xiYZhhnHJ//tGj36t0/ZqxKT36snkbVX0xCTrtG2L+z3x5aVAsoVQZ4osw7aNJem/G hAjX5KMvoYTBFrF9qhJrKr+sONXdvfRCd7OiRliQ= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 In-Reply-To: <20200116154250.2b1d1fda@ncopa-desktop.copa.dup.pw> Date: Thu, 16 Jan 2020 10:18:20 -0500 From: "Drew DeVault" To: "Natanael Copa" Cc: "Timo Teras" , <~alpine/devel@lists.alpinelinux.org> Subject: Re: apk-tools plans Message-Id: On Thu Jan 16, 2020 at 3:42 PM, Natanael Copa wrote: > That is how current apk works, and is part of reason why it is > significantly faster than other package managers. In general, when the > other package managers are done with fetching the package and is about > to start unpack them, apk is already done with it all. "Move fast and break things" :) > What apk does is that it extracts each file into a temp file without > execute permissions until the signature is verified. If signature > matches it renames all the files in one go, or deletes on failure. > Rename and set permissions are very quick operation, while read/write > all the data once again is not. That makes more sense.