
Re: first A record of security.debian.org extremely slow



On Fri, Mar 03, 2006 at 04:55:23PM +0100, Javier Fernández-Sanguino Peña wrote:
> On Fri, Mar 03, 2006 at 11:13:52AM +0100, Marc Haber wrote:
> > On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote:
> > > You can trigger the update via ssh or wget.
> > 
> > The entire scheme strikes me as reinventing a mechanism which has been
> > existing for years now, being called cron-apt.
> 
> I don't believe it does. Cron-apt is a pull mechanism (download the
> latest packages, check if there are upgrades and notify the admin). 
> A mail filter which parses the DSAs and tells people to update is a push
> mechanism. 
> 
> Notice that in the latter (push) you could have somebody review if the
> update is critical enough, or only tell systems to upgrade once the patch
> has been tested internally. That seems easier to me than, in the pull system,
> set up an intermediate mirror of security.debian.org with *approved* updates,
> have the systems update automatically and have a sysadmin move the updates
> from the official mirror over to that internal mirror based on whether the
> update is critical or not.
> 
> Also, in my mind's view, a push mechanism is bound to be more effective than
> probing the security mirror daily and could also be capable of narrowing the
> time between patch release and installation (if automated) since you don't
> have to wait for a given point in time to make the check.

Perhaps freshclam's DNS-based mechanism may also be of interest as a point
of comparison? (I'm sorry I'm not able to describe it in detail off the top
of my head, but the parallel seems obvious)

Regards,
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall


