[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt-fast

Also, as a company, we try very hard to share not only our packaging efforts [1,2], but also our time.

From previous experience, much larger companies can be far more egoistic.

But I understand the point.

1] https://salsa.debian.org/erpel
[2] https://salsa.debian.org/televic-team/

On Thu, May 30, 2024, 19:26 Marc Leeman <marc.leeman@gmail.com> wrote:
Just for the record,

We use apt-fast on our internal mirror that is sync'd with aptly on a nightly basis.


On Thu, May 30, 2024, 19:04 Julian Andres Klode <jak@debian.org> wrote:
On Thu, May 30, 2024 at 05:53:47PM +0200, Marc Leeman wrote:
> Hi,
>
> I packaged apt-fast because we're using it in our company for builds
> and thought to share it (there was a long time RFP open [1]).
>
> It got rejected from ftp-master because of the name:
>
> """
> given the latest fuss about packages named apt-*, please ask on
> deity@lists.debian.org whether your choosen name is appreciated by
> those people.
> """
>
> I don't have preference for names; but in this particular case;
> changing it from what upstream defines would also add confusion.
>
> $ cat debian/upstream/metadata
> Bug-Database: https://github.com/ilikenwf/apt-fast/issues
> Repository: https://github.com/ilikenwf/apt-fast.git
> Repository-Browse: https://github.com/ilikenwf/apt-fast
> Bug-Submit: https://github.com/ilikenwf/apt-fast/issues
>

This should not be packaged. Our position on this is quite clear:

The limitations on single connection per mirror are not of technical
nature but political.

Our mirror operators provide a free service to the project, and
we should not be circumventing the bandwidth limits they have
put in place by using multiple connections.

APT has the most advanced downloading capability in the world,
and can download in parallel from as many mirrors as you configure
it to using the mirror:// method.

Going forward we may have to open a limited set of parallel connections
to mirrors, in favor of pipelining, so as to enable us to deliver HTTP/2
and HTTP/3 or so, by use of an external library (curl) but this needs to
be discussed with the mirror operators first and it's a long road to get
there.

i.e. please don't be an egoist and try to steal freely provided
resources for yourself, especially as a company.

If you need parallel downloads, configure apt to use the mirror method
and download from multiple mirrors in parallel.

Aside from the political implications, this has quite severe technical
deficiencies, hacking around as a wrapper around apt that downloads
files into apts internal cache. It doesn't maintain the lock for the
internal apt cache directory, the file validation is iffy, it downloads
as root, and together this creates quite significant risk both of breaking
stuff and providing security backdoors.


--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en
Reply to: