Re: snapshot.debian.net

To: debian-project@lists.debian.org
Subject: Re: snapshot.debian.net
From: Steve Langasek <vorlon@debian.org>
Date: Mon, 25 Apr 2005 15:40:32 -0700
Message-id: <[🔎] 20050425224030.GB21741@mauritius.dodds.net>
Mail-followup-to: debian-project@lists.debian.org
In-reply-to: <[🔎] 20050425131441.GX7744@finlandia.infodrom.north.de>
References: <20050425060335.GD19175@redwald.deadbeast.net> <[🔎] 200504250840.00746.avbidder@fortytwo.ch> <[🔎] 20050425070947.GB18472@mauritius.dodds.net> <[🔎] 20050425091557.GQ7744@finlandia.infodrom.north.de> <[🔎] 20050425095059.GA19830@mauritius.dodds.net> <[🔎] 20050425131441.GX7744@finlandia.infodrom.north.de>

On Mon, Apr 25, 2005 at 03:14:41PM +0200, Martin Schulze wrote:
> Steve Langasek wrote:
> > > > > I wonder if snapshot shouldn't be promoted to an official debian.*org* 
> > > > > service in recognition of its value to the project.

> > > > One concern I have, personally, is over precisely how much value
> > > > snapshot.d.n provides to the *project*, as opposed to providing value to
> > > > others outside the project.  Since DDs have access to recently removed
> > > > packages via the morgue on merkel (albeit not indexed nicely the way
> > > > snapshot.d.n currently is), I really wonder if this service should be a
> > > > priority for Debian to spend money on while our ports and other areas of
> > > > core infrastructure are in a state of disarray (IMHO).

> > > The snapshot service is very valuable when it comes to checking older
> > > versions of packages.  For example, it is a very, very good help for
> > > doing security work when older package versions need to be reviewed.

> > Out of curiosity, do you have a sense of how long after a package is dropped
> > from the archive that it ceases being useful to you for security research?

> At least as long as the package is in at least one of {oldstable,
> stable, testing, unstable, experimental}.  However, since there are
> only rare cases of me dealing with removed packages, I can't rely on
> experience.

Sorry, I guess I wasn't clear.  When I said "dropped from the archive", I
meant the particular version of the package, not the package as a whole.

> > According to <http://snapshot.debian.net/du/df.png>, it's already exceeded
> > 1.2TB.  That sounds to me like it would be one of the larger direct hardware
> > purchases ever made by the project, so I do think it's a good idea to ask
> > how much of this history is truly needed by the project -- the open-ended
> > 1.2TB and growing of snapshot.d.n, or something more modest, like the 60GB
> > used by the morgue?

> Having source packages available indefinitively would be good.  When
> it comes to space problems, maybe dropping binary packages when the
> version is older than what is in (old)oldstable currently would be an
> option.

At the current rate, that would suggest 3-4TB of usage total... that seems
excessive to me, but if you say all of this data is potentially useful to
you, then I accept that.

-- 
Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- snapshot.debian.net
  - From: Adrian von Bidder <avbidder@fortytwo.ch>
- Re: snapshot.debian.net
  - From: Steve Langasek <vorlon@debian.org>
- Re: snapshot.debian.net
  - From: Martin Schulze <joey@infodrom.org>
- Re: snapshot.debian.net
  - From: Steve Langasek <vorlon@debian.org>
- Re: snapshot.debian.net
  - From: Martin Schulze <joey@infodrom.org>

Prev by Date: Re: snapshot.debian.net
Next by Date: Re: agenda for Debian leadership team (a.k.a. "Project Scud") meeting on 2005-04-24
Previous by thread: Re: snapshot.debian.net
Next by thread: Re: snapshot.debian.net
Index(es):
- Date
- Thread