Re: Possibly moving Debian services to a CDN
]] "Andrew M.A. Cater"
> On Sun, Oct 13, 2013 at 08:44:56AM +0200, Tollef Fog Heen wrote:
> > Dear Project,
> > The System Administration Team (DSA) are considering moving some of the
> > static hosting that Debian currently provides from our infrastructure to
> > one or more CDNs. We have received feedback indicating that a broader
> > discussion is desired.
> > Debian has, for over a decade, operated its own form of a content
> > delivery network (multiple variants, actually) by leveraging our own
> > infrastructure as master sources and community-provided infrastructure
> > (primarily from universities and regional network providers) for local
> > distribution.
> It works - tell anyone to use ftp.[country name].debian.org and it
> "just works". If ftp.[mycountry].debian.org is down, use ftp.[neighbour country]
> .debian.org - and, crucially, it's all under one debian.org domain.
Whether we use a CDN or not does not change that at all. (We might want
to move everything towards using ftp.debian.org and just
geolocate/anycast the CDN nodes and long-term deprecate the country
> If managers/software licensing mavens/project funding authorities etc. question where your
> software is actualy from - it's from Debian themselves.
To the same degree that it will be in the future. We don't run most of
the mirrors ourselves, they're run by a bunch of third parties. Some of
those are doing an excellent job, some are not.
> This is (potentially) good news for laptop/desktop users: instant access from closest mirrors.
> This is also an increasing trend: Firefox, Raspbian, Archlinux (I think) are all CDN served.
One of the CDN offers we have are from the people that run the CDN for
the pypi (Python packages) network.
> If you run behind restrictive firewall policies / in corporate land, it's not nearly so hot.
> Static long lasting mirrors are really useful here when you have to ask your network admin.
> to unblock firewalls for each IP address.
That's not really that different from today. We move security mirrors
every so often and they're geolocated so the ones you get in Europe and
the US are not necessarily the same.
> If you want to configure > 10 servers, say, or to build repeated groups of servers over a long time,
> it's good to have consistency and the existing network provides this. If the trend globally is
> to CDNs, however, it will be hard to buck the trend for the long term.
If you want to, you can always run a local mirror. We are not trying to
change that. There is nothing in the current setup that inherently give
you any such guarantees.
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are