Re: [SECURITY] [DSA 3547-1] imagemagick security update
On Tue, Apr 12, 2016, at 16:37, Michael Stone wrote:
> On Tue, Apr 12, 2016 at 04:19:20PM -0300, Henrique de Moraes Holschuh
> wrote:
> >We don't disclose which mirrors are members of the security.debian.org
> >pool anywhere (that I could find), so we are currently hiding everything
> >behind security.debian.org. This wasn't a problem when a DNS lookup for
> >security.debian.org would return a RR-SET with several A and AAAA
> >records, but geo-ip changed that to return a single A record. When
> >geo-ip points security.debian.org to a broken or stale mirror for
> >someone, it is a pain to work around it for the duration.
> >
> >And if you need to access security.debian.org over IPv6, "too bad".
>
> Huh?
>
> Huh?
>
> > host security.debian.org
> security.debian.org has address 149.20.20.19
> security.debian.org has address 128.61.240.73
> security.debian.org has address 128.101.240.215
> security.debian.org has address 128.31.0.63
> security.debian.org has IPv6 address 2607:ea00:101:3c0b::1deb:215
> security.debian.org has IPv6 address 2001:4f8:8:36::1deb:19
> security.debian.org has IPv6 address 2610:148:1f10:3::73
Not here. All I get is a single A record.
But that explains a lot more about how full of surprises is that black
box than I ever expected. I wonder why I don't get at least one AAAA as
well, though. The mirror it returns has it.
Still, I am happy to know our geoip supports IPv6 and will even give you
multiple records if you are somewhere it considers more
connectivity-blessed. Thanks for the good news :)
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique de Moraes Holschuh <hmh@debian.org>
Reply to: