On Mon, Apr 25, 2005 at 03:14:41PM +0200, Martin Schulze wrote:
> Steve Langasek wrote:
> > > > > I wonder if snapshot shouldn't be promoted to an official debian.*org*
> > > > > service in recognition of its value to the project.

> > > > One concern I have, personally, is over precisely how much value
> > > > snapshot.d.n provides to the *project*, as opposed to providing value to
> > > > others outside the project.  Since DDs have access to recently removed
> > > > packages via the morgue on merkel (albeit not indexed nicely the way
> > > > snapshot.d.n currently is), I really wonder if this service should be a
> > > > priority for Debian to spend money on while our ports and other areas of
> > > > core infrastructure are in a state of disarray (IMHO).

> > > The snapshot service is very valuable when it comes to checking older
> > > versions of packages.  For example, it is a very, very good help for
> > > doing security work when older package versions need to be reviewed.

> > Out of curiosity, do you have a sense of how long after a package is dropped
> > from the archive that it ceases being useful to you for security research?

> At least as long as the package is in at least one of {oldstable,
> stable, testing, unstable, experimental}.  However, since there are
> only rare cases of me dealing with removed packages, I can't rely on
> experience.

Sorry, I guess I wasn't clear.  When I said "dropped from the archive", I
meant the particular version of the package, not the package as a whole.

> > According to <http://snapshot.debian.net/du/df.png>, it's already exceeded
> > 1.2TB.  That sounds to me like it would be one of the larger direct hardware
> > purchases ever made by the project, so I do think it's a good idea to ask
> > how much of this history is truly needed by the project -- the open-ended
> > 1.2TB and growing of snapshot.d.n, or something more modest, like the 60GB
> > used by the morgue?

> Having source packages available indefinitely would be good.  When
> it comes to space problems, maybe dropping binary packages when the
> version is older than what is in (old)oldstable currently would be an
> option.

At the current rate, that would suggest 3-4TB of usage total... that seems
excessive to me, but if you say all of this data is potentially useful to
you, then I accept that.

-- 
Steve Langasek
postmodern programmer
