
Re: [SECURITY] [DSA 3547-1] imagemagick security update



On Wed, Apr 13, 2016, at 03:50, Peter Palfrader wrote:
> We can identify at least four causal factors.  Probably more, if we
> look a bit further.
>  (1) The scripts Debian uses to mirror repositories treat the mirroring
>      hierarchy as a tree.  The failure of any node or link will cause
>      the subtree(s) under the failed component to not receive updates.
>  (2) There is an ongoing network outage between where the Australian
>      mirror is and its upstream mirror in the US.
>  (3) The scripts that automatically update the security rotation only
>      check if a server is online and responds to http requests - it
>      does not check if a mirror is current.
>  (4) The nagios warning was missed in all the noise, and the relevant
>      teams are overworked and busy.

Thank you for that information.

If we ever manage to fix (3), this would alleviate most of my worries
over a single mirror being returned in the geo-ip RRSET for some areas
of the Internet.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique de Moraes Holschuh <hmh@debian.org>
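
A freshness check of the kind point (3) says the rotation scripts lack, as an added example that is not part of the original message or of Debian's mirror scripts. It compares the `Date` and `Valid-Until` fields of a mirror's `Release` file with the master's; the function names, the mirror host names, the six-hour lag threshold and the sample headers are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed Release headers for illustration; not real archive data.
MASTER = """Origin: Debian
Label: Debian-Security
Date: Tue, 12 Apr 2016 20:15:00 UTC
Valid-Until: Tue, 19 Apr 2016 20:15:00 UTC
MD5Sum:
 0123 (checksum lines are indented and skipped by the parser)
"""
STALE = MASTER.replace("Tue, 12 Apr", "Fri, 08 Apr").replace("Tue, 19 Apr", "Fri, 15 Apr")


def release_fields(text):
    """Parse the top-level 'Key: value' headers of a Release file."""
    fields = {}
    for line in text.splitlines():
        if not line or line[0].isspace() or ":" not in line:
            continue  # blank lines and indented checksum entries
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def parse_ts(value):
    """Parse an RFC 2822 style timestamp, treating a missing zone as UTC."""
    dt = parsedate_to_datetime(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def mirror_status(mirror_release, master_release, now, max_lag=timedelta(hours=6)):
    """Return 'expired', 'stale' or 'current' for one mirror.

    max_lag is an assumed tolerance for normal propagation delay.
    """
    mirror = release_fields(mirror_release)
    master = release_fields(master_release)
    valid_until = mirror.get("Valid-Until")
    if valid_until and now > parse_ts(valid_until):
        return "expired"  # clients would already reject this Release file
    if parse_ts(master["Date"]) - parse_ts(mirror["Date"]) > max_lag:
        return "stale"    # answers HTTP, but is missing recent updates
    return "current"


def rotation(mirrors, master_release, now):
    """Keep only mirrors that are current, not merely reachable."""
    return sorted(name for name, rel in mirrors.items()
                  if mirror_status(rel, master_release, now) == "current")
```

A mirror that responds to HTTP but serves the older `Release` file is reported as stale and left out of the rotation, which is the case a liveness-only check lets through.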

