Re: When should we https our mirrors?
On Mon, 17 Oct 2016, Ian Campbell wrote:
> TL;DR: Would we now recommend deb.d.o over httpredir.d.o for production
> use e.g. in base images (including for Jessie)?
> On Sun, 2016-10-16 at 09:11 +0800, Paul Wise wrote:
> > httpredir.d.o is not well maintained
> There still seems to be general grumbling (including a persistent drip
> of CI failures and the odd end user bug report) at $dayjob about
> failures which are ultimately down to the use of httpredir in the base
> container images.
We get a few mails about the redirector failing at the mirrors@ address
every week. Very few get answered. :(
> > deb.d.o is backed by two commercial CDNs,
> Have we gotten to the point where we consider deb.d.o suitable for
> production use? The web page still says Experimental (so I would assume
> "not production yet") and I'm not really sure if there will be a
> distinction between >=Stretch and <=Jessie in this regards. It looks
> like Jessie and earlier get a fallback mode of operation, but is that
> mode of operation suitable to be recommended for production?
The fallback is not only needed for old apt versions but also for
clients behind webproxies that don't do SRV record lookups. (Which, at
a guess, would be all of them).
> If not deb.d.o then what would people recommend these days?
If you don't have a good local mirror (or you don't have a specific
local), I would recommend deb.debian.org these days.
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/