It may get too heavy to not mirror the security update packages.
Why don't we put signature verification into apt and dpkg and mirror
everything ?
And perhaps have a tool that checks a bunch of known mirrors for
discrepencies in the keyring packages ?
And have a single URL, location aware, load balancing server ? :)
(I know we've been through this before. I just had a brainwave and
wanted to see if anyone was interested in doing the above. Sorry for the
lack of realism, but not for the extra zeal)
GBY
Tal Danzig wrote:
There are no mirrors of security.debian.org (or shouldn't be)
for security reasons.
This way the authenticity of security packages can be better controlled.
- Tal