Debian mirror size

 Hello everyone,
I have setup debian mirror using official archvsync script suite. Mirrored architectures are: all source i386 amd64. The rest of config for ftp-sync is kept on default values. Everything seems to work fine - only problem is that the mirror is too small, at least according to this website: 'www.debian.org/mirror/size'. Sum of sizes for these architectures is 1488GiB (give or take, data are changing every day), but I have only 930GiB stored on disk dedicated for mirror. There is no filesystem level encryption involved (ext4) or anything like that. There should be no problem with master mirror (ftp.debian.cz), since I have tried multiple different ones with no difference. Are installation image sizes included in these architecture sizes? If not, what makes the difference?

And one last thing - everywhere is recommended not to sync 'security.debian.org/debian-security' for security reasons. I understand why, but are packages in this repository rotated into regular debian repository after a while? Just curious, since I do have some offline machines I update from my local repository.

Thank you for yor answers.

Best regards,

