Re: WTF: Debian security, ex. Linux kernel vulnerabilities
Andreas Barth [EMAIL PROTECTED] writes: * Bob Tanner ([EMAIL PROTECTED]) [050920 16:39]: Same here. Reach out to the community and let us help. Well, the basic problem with mirrors is: * How can we be sure that all mirrors are synced _very_ fast? We will probably get more negative feedback if some mirrors are delayed by more than 10 minutes (and some of our normal mirrors are _way_ worse). Send the announcement more than 10 minutes after the mirror pulse. * How do we make sure that potential issues can be fixed fast enough? Put the mirror and security.d.o into the sources.list. That way apt-get fixes the usual issues itself by falling back to the root if needed. This also solves the unmentioned How can I be sure the mirror is current issue. Of course, none of these questions is unsolveable, and there are currently discussions underway how we can do it sensible, but it's not as trivial as one might hope in the beginning of that discussion. Still, thank you very much for your offer (and I really hope that we can make use of the mirroring offters one day). Cheers, Andi MfG Goswin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: WTF: Debian security, ex. Linux kernel vulnerabilities
On Tue, Sep 20, 2005 at 03:50:14PM +0200, Andreas Barth wrote: s.d.o is not offline, just the full bandwith is used by people downloading a security update. Do we need mirrors for security.debian.org? I would be happy to host such a mirror if debian-security would want it. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: WTF: Debian security, ex. Linux kernel vulnerabilities
* Steinar H. Gunderson ([EMAIL PROTECTED]) [050920 16:21]: On Tue, Sep 20, 2005 at 03:50:14PM +0200, Andreas Barth wrote: s.d.o is not offline, just the full bandwith is used by people downloading a security update. Do we need mirrors for security.debian.org? I would be happy to host such a mirror if debian-security would want it. Including your offer, there are at least 4 offers I know of as of now. And if we ask, I'm pretty sure we're able to get much more. Cheers, Andi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: WTF: Debian security, ex. Linux kernel vulnerabilities
On Tuesday 20 September 2005 09:00 am, Steinar H. Gunderson wrote: On Tue, Sep 20, 2005 at 03:50:14PM +0200, Andreas Barth wrote: s.d.o is not offline, just the full bandwith is used by people downloading a security update. Do we need mirrors for security.debian.org? I would be happy to host such a mirror if debian-security would want it. Same here. Reach out to the community and let us help. -- Bob Tanner [EMAIL PROTECTED] | Phone : (952)943-8700 http://www.real-time.com, Minnesota, Linux | Fax : (952)943-8500 Key fingerprint = AB15 0BDF BCDE 4369 5B42 1973 7CF1 A709 2CC1 B288 pgpD9udrlJwq2.pgp Description: PGP signature
Re: WTF: Debian security, ex. Linux kernel vulnerabilities
On Tue, Sep 20, 2005 at 04:23:14PM +0200, Andreas Barth wrote: * Steinar H. Gunderson ([EMAIL PROTECTED]) [050920 16:21]: On Tue, Sep 20, 2005 at 03:50:14PM +0200, Andreas Barth wrote: s.d.o is not offline, just the full bandwith is used by people downloading a security update. Do we need mirrors for security.debian.org? I would be happy to host such a mirror if debian-security would want it. Including your offer, there are at least 4 offers I know of as of now. And if we ask, I'm pretty sure we're able to get much more. Some of the mirrors are mirroring security already. Take one of my home mirrors for example: ftp.kulent.kuleuven.ac.be, they have a debian-security directory that, upon inspection, looks like real security. No, I don't use it as security since it's unofficial. I suspect however it is their own way of apt-proxying security for themselves (they have a lot of hosts afaik). If this was made official in some way I'd be more then happy to use a mirror. Greetigs Floris -- Debian GNU/Linux -- The power of freedom www.debian.org | www.gnu.org | www.kernel.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: WTF: Debian security, ex. Linux kernel vulnerabilities
* Bob Tanner ([EMAIL PROTECTED]) [050920 16:39]: Same here. Reach out to the community and let us help. Well, the basic problem with mirrors is: * How can we be sure that all mirrors are synced _very_ fast? We will probably get more negative feedback if some mirrors are delayed by more than 10 minutes (and some of our normal mirrors are _way_ worse). * How do we make sure that potential issues can be fixed fast enough? Of course, none of these questions is unsolveable, and there are currently discussions underway how we can do it sensible, but it's not as trivial as one might hope in the beginning of that discussion. Still, thank you very much for your offer (and I really hope that we can make use of the mirroring offters one day). Cheers, Andi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: WTF: Debian security, ex. Linux kernel vulnerabilities
Andreas Barth schrieb/wrote/a écrit/escribió: Well, the basic problem with mirrors is: * How can we be sure that all mirrors are synced _very_ fast? We will probably get more negative feedback if some mirrors are delayed by more than 10 minutes (and some of our normal mirrors are _way_ worse). Don't let primary mirrors pull, push the updates to them. signature.asc Description: Digital signature
Re: WTF: Debian security, ex. Linux kernel vulnerabilities
Don't let primary mirrors pull, push the updates to them. There's a new idea. Please, believe that there are people working on the problem. It's a question of getting agreements in place and logistics and timing and other essentially non-technical issues. A long thread full of suggestions for how to fix things which probably isn't going to be read by the people in a position to fix things (because they're already aware of how to do it) isn't really going to help. If people want to discuss it for their own amusement, fine, have at it--but don't get pissed if the thread doesn't seem to get a lot of attention. Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: WTF: Debian security, ex. Linux kernel vulnerabilities
In article [EMAIL PROTECTED] you wrote: Don't let primary mirrors pull, push the updates to them. Make the mirrors simple reverse http caches for the packages. Gruss Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: WTF: Debian security, ex. Linux kernel vulnerabilities
Andreas Barth [EMAIL PROTECTED] writes: * Bob Tanner ([EMAIL PROTECTED]) [050920 16:39]: Same here. Reach out to the community and let us help. Well, the basic problem with mirrors is: * How can we be sure that all mirrors are synced _very_ fast? We will probably get more negative feedback if some mirrors are delayed by more than 10 minutes (and some of our normal mirrors are _way_ worse). Maybe using a http-proxy cache hierachy? Any missing file on a mirror will be retrieved immediately. You'll have full control on the sync rate by tuning the freshness of the indexes. Using squid or some other proxy as a web frontend will also remove the load generated by x apache threads, if that is ever a problem... Bjørn
Re: WTF: Debian security, ex. Linux kernel vulnerabilities
On Tue, Sep 20, 2005 at 04:00:23PM +0200, Steinar H. Gunderson wrote: X-Mitch IT-MailScanner: Found to be clean X-MailScanner-From: [EMAIL PROTECTED] On Tue, Sep 20, 2005 at 03:50:14PM +0200, Andreas Barth wrote: s.d.o is not offline, just the full bandwith is used by people downloading a security update. Do we need mirrors for security.debian.org? I would be happy to host such a mirror if debian-security would want it. And so am i .. Greetz, Michel van der Klei http://www.mitch-it.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]