It may get too heavy to not mirror the security update packages.Why don't we put signature verification into apt and dpkg and mirror everything ?
And perhaps have a tool that checks a bunch of known mirrors for discrepencies in the keyring packages ?
And have a single URL, location aware, load balancing server ? :)(I know we've been through this before. I just had a brainwave and wanted to see if anyone was interested in doing the above. Sorry for the lack of realism, but not for the extra zeal)
GBY Tal Danzig wrote:
There are no mirrors of security.debian.org (or shouldn't be) for security reasons. This way the authenticity of security packages can be better controlled. - Tal