Re: first A record of security.debian.org extremely slow
* martin f. krafft:
>> One day more or less doesn't really matter. So far, Debian security
>> updates predated widespread (semi-)automated exploits by weeks.
>
> Why then do you think security.d.o is not mirrored by Debian?
Our mirror network is not actually well-known for its integrity (think
paris.avi). By default, package authenticity is not validated in
sarge and earlier releases. From a security POV, it's better to
download those updates from a limited set of well-maintained servers.
It reduces the attack surface somewhat.
Reply to: