Re: WTF: Debian security, ex. Linux kernel vulnerabilities
Andreas Barth <firstname.lastname@example.org> writes:
> * Bob Tanner (email@example.com) [050920 16:39]:
>> Same here. Reach out to the community and let us help.
> Well, the basic problem with mirrors is:
> * How can we be sure that all mirrors are synced _very_ fast? We will
> probably get more negative feedback if some mirrors are delayed by
> more than 10 minutes (and some of our normal mirrors are _way_ worse).
Send the announcement more than 10 minutes after the mirror pulse.
> * How do we make sure that potential issues can be fixed "fast enough"?
Put the mirror and security.d.o into the sources.list. That way
apt-get fixes the usual issues itself by falling back to the root if
This also solves the unmentioned "How can I be sure the mirror is
> Of course, none of these questions is unsolveable, and there are
> currently discussions underway how we can do it sensible, but it's not
> as trivial as one might hope in the beginning of that discussion.
> Still, thank you very much for your offer (and I really hope that we can
> make use of the mirroring offters one day).