[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: When should we https our mirrors?

On Sunday, October 16, 2016, Aron Xu <happyaron.xu@gmail.com> wrote:

On Sunday, October 16, 2016, Paul Wise <pabs@debian.org> wrote:
On Sun, Oct 16, 2016 at 3:25 AM, Tollef Fog Heen wrote:

> Doing this for the per-country mirrors means that repointing mirrors
> becomes a lot harder than it currently is, and this is something we do
> on a daily basis.  We'd need a solution for deploying the TLS cert for,
> say, ftp.de.d.o to ftp.se.d.o (or ftp.d.o) if ftp.d.o is down for
> maintenance.

I never really liked the per-country mirrors being under debian.org,
redirectors would be a better option. I think we really need to
redesign the apt archive namespace for Debian.

Yeah but at the risk of making it broken like pypi and npm to quite some people including me.

To make it clear, content delivery systems used by pypi and npm don't work for many people in China because:

1) Major global CDN providers don't have decent services in the country (except akamai and cloudflare but need special contract);

2) BGP based network topology discovery never work because eBGP routing is not widely deployed for subscriber network;

There's more to mention for Debian:

3) cdn.debian.net / httpredir.d.o tend to exclude local mirrors because of the synchronization delays are much higher than in EU/US, even current ftpX.cn.d.o would easily exceed the tolerance of redirecting software.


Reply to: