On Fri, Jan 26, 2001 at 08:04:21AM -0600, Mike Renfro wrote: > On Thu, Jan 25, 2001 at 08:51:07PM +0100, Martin Schulze wrote: > > > Please don't do that. Security updates should come *only* from > > security.debian.org. This was discussed a while, you should be > > able to find some blurb about it in the debian-devel archive, I > > guess. > > Personally, I'd rather not mirror it, but our bandwidth is almost > completely saturated 17-19 hours/day, so if I (or any other local > Debian-using people) want to get security updates during the day, a > local mirror updated nightly appeared to be the easiest option. > > What are my other options -- I have frequently had timeouts trying to > make updates from security.debian.org during the day. Assume the > people in charge of managing our bandwidth are doing all they can, and > the saturation problem isn't going away anytime soon. You're talking about a private mirror. That wasn't the original poster's intent (my reading anyway). I believe the point is that people shouldn't be retrieving security updates from "untrusted" sources. I can see the point, although there's not really a guarantee that security.debian.org is who they say they are :-) It seems to me that if you're willing to update machines from a local private mirror due to bandwidth or connectivity constraints, that's your perogative. Making that mirror publically accessible would violate the spirit of security.debian.org however ... -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Inc. | than a perfect plan tomorrow. mailto:nnorman@micromuse.com | -- Patton
Attachment:
pgpNaunVgd4A3.pgp
Description: PGP signature