Re: first A record of security.debian.org extremely slow

To: debian-security@lists.debian.org
Subject: Re: first A record of security.debian.org extremely slow
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 02 Mar 2006 20:06:07 +0100
Message-id: <[🔎] 87psl4k6ow.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20060301222021.GA11096@lapse.madduck.net> (martin f. krafft's message of "Wed, 1 Mar 2006 23:20:21 +0100")
References: <20060220222813.63787.qmail@web81702.mail.mud.yahoo.com> <UJYs4B.A.z6.muvAEB@mobilix.private> <20060227143120.GA30533@lapse.madduck.net> <[🔎] 87acc9j0dq.fsf@mid.deneb.enyo.de> <[🔎] 20060301222021.GA11096@lapse.madduck.net>

* martin f. krafft:

>> One day more or less doesn't really matter.  So far, Debian security
>> updates predated widespread (semi-)automated exploits by weeks.
>
> Why then do you think security.d.o is not mirrored by Debian?

Our mirror network is not actually well-known for its integrity (think
paris.avi).  By default, package authenticity is not validated in
sarge and earlier releases.  From a security POV, it's better to
download those updates from a limited set of well-maintained servers.
It reduces the attack surface somewhat.

Reply to:

Follow-Ups:
- Re: first A record of security.debian.org extremely slow
  - From: Michael Stone <mstone@debian.org>
- Re: first A record of security.debian.org extremely slow
  - From: martin f krafft <madduck@debian.org>

References:
- Re: first A record of security.debian.org extremely slow
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: first A record of security.debian.org extremely slow
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Re: Password authentication with LDAP and SSH
Next by Date: Re: first A record of security.debian.org extremely slow
Previous by thread: Re: first A record of security.debian.org extremely slow
Next by thread: Re: first A record of security.debian.org extremely slow
Index(es):
- Date
- Thread