[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possibly moving Debian services to a CDN

On 30/01/14 at 13:53 +0100, Tollef Fog Heen wrote:
> ]] Tollef Fog Heen
> Hi all,
> >  - the various bits and bobs that are currently hosted on
> >  static.debian.org
> I thought it's time for a small update about this.  As of about an hour
> ago, planet and metadata.ftp-master are now served from the Fastly CDN,
> and it all seems to be working quite smoothly.
> We've uncovered some bits we want to make work better, such as adding
> and removing backend servers automatically when they become unavailable
> or are added to the static DNS RR, purging content from the caches when
> it's updated and possibly some other minor bits.
> This does sadly mean we don't currently have IPv6 for those two
> services, something that's being worked on by Fastly.
> As for the privacy concerns raised in the thread, I've had quite a lot
> of discussions with Fastly about how they operate wrt privacy. They
> don't store request-related logs (only billing information), so there
> are no URLs, cookie, client IPs or similar being stored.  Varnish has an
> ephemeral log which they go through a couple of times a minute where
> some of that information is present, but it never leaves the host
> (unless we enable logging to an endpoint we control).  I'm quite content
> with how they're handling the privacy concerns.
> In the interest of full disclosure I should also mention that I'm
> starting to work for Fastly in a few days time.  I don't believe that
> has influenced my views or judgements here.

Hi Tollef,

Thanks a lot for this status update. I'm very much in favor of exploring
ways to make the Debian infrastructure easier to manage, and using
a CDN sounds like a great way to do so. It's great that things worked
out with Fastly (any plans for a more public announcement?).

However, in [1], I raised one main non-technical concern that is not
mentioned in your mail: I fear that, by moving to CDNs without ensuring
that there are a sufficient number of CDN providers willing and able to
support Debian, we could end up in a lock-in situation with a specific
CDN provider (after all, there are not so many of them, and even a
smaller number could be able to deal with our technical requirements).

[1] https://lists.debian.org/debian-project/2013/10/msg00074.html

Of course, as long as we have the infrastructure to go back to the old
way of doing things, it is not a big problem. So I'm not worried at the
moment. But one of the end goals of using CDN is to reduce the number of
Debian PoP (have Debian machines in a fewer number of datacenters, to
make them easier to manage). Once we do that, it will be very hard to go

Have you been trying to reach out to other CDN providers about
supporting Debian? I know of discussions with Amazon CloudFront, but I
remember some technical blockers?
Could the DPL be of some help to you in that process?


Attachment: signature.asc
Description: Digital signature

Reply to: