Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files

To: debian-devel@lists.debian.org
Subject: Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Mon, 29 Sep 2014 09:05:40 -0300
Message-id: <[🔎] 20140929120540.GC20150@khazad-dum.debian.net>
In-reply-to: <[🔎] 20140929115347.GD7184@smurf.noris.de>
References: <20140623155202.22464.62148.reportbug@heisenberg.scientia.net> <[🔎] 87zje23rq7.fsf@gkar.ganneff.de> <[🔎] 1411658470.4869.21.camel@scientia.net> <[🔎] 87k34riien.fsf@gkar.ganneff.de> <[🔎] 1411953785.28972.7.camel@scientia.net> <[🔎] 20140929110845.GA20150@khazad-dum.debian.net> <[🔎] 20140929115347.GD7184@smurf.noris.de>

On Mon, 29 Sep 2014, Matthias Urlichs wrote:
> > So, can we get now some alternative proposals that address the fact that
> > some mirrors need >48H validity, and many leaf mirrors really want at least
> > a week?
> 
> How about "Security updates are published on security.d.o, so _that_
> archive's validity might as well be 50h or so; anything else will have
> to live with at least two weeks' validity"?
> 
> A mirror who needs more than a day to sync up to our security archive
> deserves to lose.

Sure, 48H or 24H refresh requirements for anything that is mirroring s.d.o
is a restriction we could deploy.  But there's the DoS concern if there is a
problem refreshing s.d.o from ftp-master.  At least, s.d.o. is a lot more
controllable than the normal mirror network.

IMHO, s.d.o would be a very good place to start desining a more resilient
two-path system for.

Maybe we could get away with flooding the normal mirror network with a
delayed dump of s.d.o, so that you get fresh data from s.d.o, and it also
gets mirrored to the normal mirrors "soon" so that they can be used as
fallbacks?   This solution is s.d.o. specific, but might be worth thinking
about.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
  - From: Joerg Jaspert <joerg@debian.org>
- Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
  - From: Joerg Jaspert <joerg@debian.org>
- Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
  - From: Matthias Urlichs <matthias@urlichs.de>

Prev by Date: Fwd: open-axiom is marked for autoremoval from testing
Next by Date: MBF: libjpeg-turbo transition started (if you depend on libjpeg8-dev please read)
Previous by thread: Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
Next by thread: Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files
Index(es):
- Date
- Thread