On Wed, Nov 25, 2020 at 2:59 PM Nish Aravamudan <nish.aravamu...@gmail.com> wrote: > > Hi! > > I have been testing a network-isolated Ubuntu mirror inside our network and I > am trying to understand if what I envision should work or not. > > In particular, I am trying to minimize how much review is needed for package > updates, so I would like to just include the release and security pockets. > However, I am finding a few package updates (in Bionic in my case, but I > think Focal may also have this problem) that only have fixes in the -updates > pocket. This prevents installation from succeeding with preseed. > > So far, I have seen apt-setup, but debootstrap and base-installer both need > some adjustment for my test environment. > > Should we require -updates as well?
Actually it's the security pocket that is optional. It is a fast track to access SRUs that happen to also contain security fixes at the fastest speed possible, with automatic download & upgrades by default via a direct connection to security.ubuntu.com. When a new security update is prepared, it is based on package version in updates; security; or release pocket in that order. Because security update is mandatory to install, and it must not regress any fixes that already were present in either updates/security/release. And then the security update is published into both updates & security pockets on archive.ubuntu.com & mirrors, as well as onto security.ubuntu.com host. As it must supersede everything. When mirroring, we recommend for people to mirror release & updates pockets. And we advise people to keep security.ubuntu.com $suite-security archive config as is. This way all machines can access security updates via a separate endpoint directly. This insures that if the private mirror is lagging, the critical security updates still get through to the end-users. If you must mirror security.ubuntu.com $suite-security, please ensue it is a separate mirror too. Such that resiliency remains to access security-updates even if the stock mirror for updates is down for maintenance. -- Regards, Dimitri. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss