[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cron-apt and security.debian.org

Ola Lundqvist wrote:

First, let me say that I really like cron-apt.  It rocks!

> If it is a problem I'll randomize the cron file.

I don't think it is just security but any of the sites could be
overloaded by many cron-apt users all going off at once.  I always
randomize the cron-apt time after I install it.  I am hitting my own
mirror and I can create a huge impulse spike if I hit it all at once.
I can't imagine the load the external mirrors must be seeing.  But
randomizing spreads out the load.  I would really prefer if it were
randomized by default because then I would need no post install
customization and could just load it and go.

I don't think you need to randomize the crontab itself.  That would be
inconvenient since the file would be different on each machine and a
conffile at that.  But instead put a random delay in the script based
upon a configuration.  Then there is no change in the current crontab.
Only a change in the script and config file.

This is what I would like to see.  In /etc/cron-apt/config have a
setting to avoid using the random delay but have it enabled by
default.  Better to design that feature in because someone will want
it differently.  Then in the cron script itself, unless random delay
is disabled, have something like this.

  sleep $(expr $RANDOM % 3600)

Since the crontab is using local time it only needs to be randomized
within the hour.  Across the world this would spread the load out by
timezone and across the hour of the timezone.  I think.  A first stab
at a solution to this problem.


Attachment: pgpAbkjQlTIND.pgp
Description: PGP signature

Reply to: