[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian 10 backports repo moved to archives



On Mon, Apr 15, 2024 at 11:55:22AM -0700, Zach Marano wrote:
>      What are the specific packages that Google wants from the backports
>      repo by default?  From my perspective, the primary reasons to enable it
>      are for backports kernels (which have historically provided a number of
>      performance and driver updates of interest to cloud customers) and for
>      cloud SDKs and tools.
> 
>    We don't actually rely on it for anything in GCE (for Debian 10 anyway).
>    This is more of a - what do we want to do with Debian LTS releases and
>    backports in cloud images question. Certainly there could be users who
>    depend on packages from a backports repo and since it was available during
>    the standard support phase, removing it could be considered a regression
>    for them.

Agreed.

>    The question for the moment is, do we change the Debian 10 LTS cloud
>    images to reference [4]archive.debian.org instead of [5]deb.debian.org for
>    the backports repo (and the same going forward for LTS releases). And in
>    doing so, is that going to cause infrastructure issues for
>    [6]archive.debian.org? Or, do we remove the backports repo config entirely
>    when a release enters the LTS phase and let users decide?

Archive.debian.org is actually fronted by fastly these days:

$ host archive.debian.org
archive.debian.org has address 151.101.66.132
archive.debian.org has address 151.101.130.132
archive.debian.org has address 151.101.194.132
archive.debian.org has address 151.101.2.132
archive.debian.org has IPv6 address 2a04:4e42::644
archive.debian.org has IPv6 address 2a04:4e42:600::644
archive.debian.org has IPv6 address 2a04:4e42:400::644
archive.debian.org has IPv6 address 2a04:4e42:200::644
archive.debian.org mail is handled by 0 .

So I don't think infrastructure concerns need to be a blocker.  A bigger
concern at this point is that the buster backports content is
effectively EOL, and not updated with security fixes, etc.  Enabling it
by default would expose customers to additional risk without making it
evident.

noah


Reply to: