Re: snapshot.debian.net
Steve Langasek wrote:
> > > > I wonder if snapshot shouldn't be promoted to an official debian.*org*
> > > > service in recognition of its value to the project.
>
> > > One concern I have, personally, is over precisely how much value
> > > snapshot.d.n provides to the *project*, as opposed to providing value to
> > > others outside the project. Since DDs have access to recently removed
> > > packages via the morgue on merkel (albeit not indexed nicely the way
> > > snapshot.d.n currently is), I really wonder if this service should be a
> > > priority for Debian to spend money on while our ports and other areas of
> > > core infrastructure are in a state of disarray (IMHO).
>
> > The snapshot service is very valuable when it comes to checking older
> > versions of packages. For example, it is a very, very good help for
> > doing security work when older package versions need to be reviewed.
>
> Out of curiosity, do you have a sense of how long after a package is dropped
> from the archive that it ceases being useful to you for security research?
At least as long as the package is in at least one of {oldstable,
stable, testing, unstable, experimental}. However, since there are
only rare cases of me dealing with removed packages, I can't rely on
experience.
> According to <http://snapshot.debian.net/du/df.png>, it's already exceeded
> 1.2TB. That sounds to me like it would be one of the larger direct hardware
> purchases ever made by the project, so I do think it's a good idea to ask
> how much of this history is truly needed by the project -- the open-ended
> 1.2TB and growing of snapshot.d.n, or something more modest, like the 60GB
> used by the morgue?
Having source packages available indefinitively would be good. When
it comes to space problems, maybe dropping binary packages when the
version is older than what is in (old)oldstable currently would be an
option.
Regards,
Joey
--
Have you ever noticed that "General Public Licence" contains the word "Pub"?
Reply to: