Re: [SECURITY] [DSA 3547-1] imagemagick security update
On Tue, 12 Apr 2016, Henrique de Moraes Holschuh wrote:
> We list several mirrors carrying debian security updates in
> https://www.debian.org/mirror/list-full
I think we shouldn't.
> We don't disclose which mirrors are members of the security.debian.org
https://anonscm.debian.org/cgit/mirror/dsa-auto-dns.git/tree/zones/security.debian.org.zone
is the file that the security.d.o zone is generated from.
> Alternate access URIs for several of the security.debian.org pool
> members *do* exist, but that information seems not to be clearly
> displayed anywhere.
They do? Anything we actually tell people to use?
> A good starting point would be to provide a list of official security
> mirrors (potential members of the security.debian.org pool) that can be
> accessed directly when geo-ip is directing an user to a pool member that
> is stale.
No. We derotate mirrors regularly for maintenance work. We don't want
users to pick their security.d.o mirror.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/
Reply to: