Re: first A record of security.debian.org extremely slow

To: debian-security@lists.debian.org
Subject: Re: first A record of security.debian.org extremely slow
From: Tomasz Papszun <tomek-deb_sec@lodz.tpsa.pl>
Date: Mon, 6 Mar 2006 14:37:51 +0100
Message-id: <[🔎] 20060306133751.GL24262@lodz.tpsa.pl>
In-reply-to: <[🔎] 20060306104942.GA14659@cobalt0.panici.net>
References: <[🔎] 87acc9j0dq.fsf@mid.deneb.enyo.de> <[🔎] 44061B6B.6030603@strategicdata.com.au> <[🔎] 87lkvsk6nr.fsf@mid.deneb.enyo.de> <[🔎] 20060302213616.GB1818@torres.l21.ma.zugschlus.de> <[🔎] 87lkvsfqhz.fsf@mid.deneb.enyo.de> <[🔎] 20060303064419.GA9960@torres.l21.ma.zugschlus.de> <[🔎] 20060303101129.GA3097@afrika.vzsze.de> <[🔎] 20060303101352.GC11749@torres.l21.ma.zugschlus.de> <[🔎] 20060303155523.GA26958@javifsp.no-ip.org> <[🔎] 20060306104942.GA14659@cobalt0.panici.net>

On Mon, 06 Mar 2006 at 10:49:45 +0000, paddy wrote:
> On Fri, Mar 03, 2006 at 04:55:23PM +0100, Javier Fernández-Sanguino Pe?a wrote:
> > 
> > I don't believe it does. Cron-apt is a pull mechanism (download the
> > latest packages, check if there are upgrades and notify the admin). 
> > A mail filter which parses the DSAs and tells people to update is a push
> > mechanism. 
> > 
> > Notice that in the later (push) you could have somebody review if the
> > update is critical enough, or only tell systems to upgrade once the patch
> > has been tested internally. That seems easier to me than, in the pull system,
> > set up an intermediate mirror of security.debian.org with *approved* updates,
> > have the systems update automatically and have a sysadmin move the updates
> > from the official mirror over to that internal mirror based on whether the
> > update is critical or not.
> > 
> > Also, in my mind's view, a push mechanism is bound to be more effective than
> > probing the security mirror daily and could also be capable of narrowing the
> > time between patch release and installation (if automated) since you don't
> > have to wait for a given point in time to make the check.
> 
> Perhaps freshclam's dns based mechanism may also be of interest as a point 
> of comparison ? (I'm sorry I'm not able to describe it in detail off the top
> of my head, but the paralell seems obvious)
> 

In case it's of any help, there's some documentation on how ClamAV
mirrors are set - at  http://www.clamav.net/doc/mirrors/ .

HTH
-- 
 Tomasz Papszun    SysAdm @ TP S.A. Lodz, Poland    | And it's only
 tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek at clamav.net   http://www.ClamAV.net/   A GPL virus scanner

Reply to:

References:
- Re: first A record of security.debian.org extremely slow
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: first A record of security.debian.org extremely slow
  - From: Geoff Crompton <geoff.crompton@strategicdata.com.au>
- Re: first A record of security.debian.org extremely slow
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: first A record of security.debian.org extremely slow
  - From: Marc Haber <mh+debian-security@zugschlus.de>
- Re: first A record of security.debian.org extremely slow
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: first A record of security.debian.org extremely slow
  - From: Marc Haber <mh+debian-security@zugschlus.de>
- Re: first A record of security.debian.org extremely slow
  - From: Rolf Kutz <kutz@netcologne.de>
- Re: first A record of security.debian.org extremely slow
  - From: Marc Haber <mh+debian-security@zugschlus.de>
- Re: first A record of security.debian.org extremely slow
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: first A record of security.debian.org extremely slow
  - From: paddy <paddy@panici.net>

Prev by Date: Re: first A record of security.debian.org extremely slow
Next by Date: Re: first A record of security.debian.org extremely slow
Previous by thread: Re: first A record of security.debian.org extremely slow
Next by thread: Re: first A record of security.debian.org extremely slow
Index(es):
- Date
- Thread