Bug 7676

Summary: mkupdates produces different files with the same filenames causing issues with caching proxies
Product: Spamassassin Reporter: Simon Arlott <spamassassin.bugzilla.apache.simon>
Component: Website/InfrastructureAssignee: SpamAssassin Developer Mailing List <dev>
Status: NEW ---    
Severity: major    
Priority: P2    
Version: unspecified   
Target Milestone: Undefined   
Hardware: All   
OS: All   

Description Simon Arlott 2019-01-05 09:20:08 UTC
https://wiki.apache.org/spamassassin/InfraNotes2017 documents when mkupdates is run:

At 02:25 it "creates ${REVISION}.tar.gz ${REVISION}.tar.gz.sha1 and ${REVISION}.tar.gz.asc in /var/www/automc.spamassassin.org/updates for mirrors to pull"
At 08:30 it "creates ${REVISION}.tar.gz ${REVISION}.tar.gz.sha1 and ${REVISION}.tar.gz.asc in /var/www/automc.spamassassin.org/updates for mirrors to pull"

Several mirrors are not serving content directly, they're behind Cloudflare's caching proxy.

User A downloads "${REVISION}.tar.gz" and "${REVISION}.tar.gz.sha1" at 03:00. They have GPG checking disabled, probably because of this issue.
They get the content of the 02:25 files and everything works.

User B downloads "${REVISION}.tar.gz", "${REVISION}.tar.gz.sha1" and "${REVISION}.tar.gz.asc" at 09:00.
Cloudflare has cached "${REVISION}.tar.gz" and "${REVISION}.tar.gz.sha1". They get the content of 02:25 files.
No one has requested "${REVISION}.tar.gz.asc" so Cloudflare does not have it cashed. They get the content of the 08:30 files.

The content is different between the two runs of mkupdates but has the same filenames because the revision hasn't changed. I don't know why that is necessary or desirable but it does not interact well with caching proxies.

The workaround is to block access to Cloudflare, but then bug 7662 happens.