Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
On Fri, 26 Sep 2014, Paul Wise wrote:
> On Thu, Sep 25, 2014 at 11:21 PM, Christoph Anton Mitterer wrote:
>
> > Well I think snapshot is it's own construction site, isn't it?
>
> snapshot is a read-only (modulo cosmic rays and removal of
> non-redistributable things) historical record, files in it will not be
> modified to re-sign with newer keys nor to update Valid-Until.
That doesn't mean one couldn't consider providing an overlay of sorts,
that provides re-signed release files if the original ones verified.
Under a different path obviously. We could look at patches if they
somehow appeared.
> Updating the Release files more often will simply mean slightly more
> disk space used for the extra Release files. Depending on the update
> frequency, the quantity of data is probably too little to make any
> significant difference in the disk usage of the snapshot service so
> nothing to worry about IMO.
Right, I don't think the additional space of 4 or 10 more Release files
a day are an issue.
However, it seems unsmart to bet on ftp-master or security-master never
being offline longer than a few hours. We do not have the set-up to
guarantee that kind of high availability.
Thus, I think significantly shortening validity times is a Very Bad
Idea.
Cheers,
weasel
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
Reply to: