Am 2006-03-02 20:06:48, schrieb Florian Weimer:
You can use the DSA posting as a trigger.
This is, what I allready do...
My local mirror check the mailbox all 5 minutes and if a security
update comes in it download immediatly...
Currently I am writing a new script which will do this with
Am 2006-03-02 23:09:28, schrieb Florian Weimer:
I typically use an Exim .forward file which invokes a special script
using pipe. The script creates a file, and a cron job which runs
periodically checks for the existence of that file and performs the
desired action when it exists. This means
also sprach Michelle Konzack [EMAIL PROTECTED] [2006.02.28.1824 +0100]:
I can not use rsync because I have a different directory structure AND
I do not want to kill one of the security mirrors of debian, fow often
should I poll the Packages.gz/Sources.gz for changes daily?
Once.
--
Please do
* Michelle Konzack:
1) Download Packages.gz/Sources.gz and check for changes
I think you should look at the Release file first, at least if you
don't use If-Modified-Since or similar conditional requests.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe.
Am 2006-02-27 15:31:20, schrieb martin f krafft:
also sprach Michelle Konzack [EMAIL PROTECTED] [2006.02.25.2036 +0100]:
debian-security is allready mirrored by some servers including
ftp://ftp.de.debian.org/debian-security/
You are not really supposed to use those as they are
On Fri, Mar 03, 2006 at 04:55:23PM +0100, Javier Fernández-Sanguino Peña wrote:
On Fri, Mar 03, 2006 at 11:13:52AM +0100, Marc Haber wrote:
On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote:
You can trigger the update via ssh or wget.
The entire scheme strikes me as reinventing
On Mon, 06 Mar 2006 at 10:49:45 +, paddy wrote:
On Fri, Mar 03, 2006 at 04:55:23PM +0100, Javier Fernández-Sanguino Pe?a
wrote:
I don't believe it does. Cron-apt is a pull mechanism (download the
latest packages, check if there are upgrades and notify the admin).
A mail filter
Florian Weimer wrote:
Usually, cron-apt has already noticed that there is an update
available before the DSA posting comes in.
This is by design; the DSA is delayed until the archive has been
updated properly (which means that it has arrived at all mirrors).
That's because the included
* Quoting Marc Haber ([EMAIL PROTECTED]):
On Thu, Mar 02, 2006 at 11:09:28PM +0100, Florian Weimer wrote:
I typically use an Exim .forward file which invokes a special script
using pipe. The script creates a file, and a cron job which runs
periodically checks for the existence of that
On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote:
You can trigger the update via ssh or wget.
The entire scheme strikes me as reinventing a mechanism which has been
existing for years now, being called cron-apt.
Greetings
Marc
--
On Fri, Mar 03, 2006 at 11:13:52AM +0100, Marc Haber wrote:
On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote:
You can trigger the update via ssh or wget.
The entire scheme strikes me as reinventing a mechanism which has been
existing for years now, being called cron-apt.
I don't
* martin f. krafft:
One day more or less doesn't really matter. So far, Debian security
updates predated widespread (semi-)automated exploits by weeks.
Why then do you think security.d.o is not mirrored by Debian?
Our mirror network is not actually well-known for its integrity (think
* Geoff Crompton:
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
You can use the DSA posting as a trigger.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
On Thu, Mar 02, 2006 at 08:06:07PM +0100, Florian Weimer wrote:
* martin f. krafft:
Why then do you think security.d.o is not mirrored by Debian?
Our mirror network is not actually well-known for its integrity (think
The explanation is far simpler--debian *does* have mirrors of
also sprach Florian Weimer [EMAIL PROTECTED] [2006.03.02.2006 +0100]:
By default, package authenticity is not validated in sarge and
earlier releases. From a security POV, it's better to download
those updates from a limited set of well-maintained servers. It
reduces the attack surface
also sprach Michael Stone [EMAIL PROTECTED] [2006.03.02.2032 +0100]:
The explanation is far simpler--debian *does* have mirrors of
security.debian.org. At the moment I see three hosts in the rotation.
Yeah, push, not pull mirrors.
--
Please do not send copies of list mail to me; I read the
On Thu, Mar 02, 2006 at 08:06:48PM +0100, Florian Weimer wrote:
* Geoff Crompton:
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
You can use the DSA posting as a trigger.
Usually, cron-apt has already
* Marc Haber:
On Thu, Mar 02, 2006 at 08:06:48PM +0100, Florian Weimer wrote:
* Geoff Crompton:
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
You can use the DSA posting as a trigger.
Usually,
On Thu, Mar 02, 2006 at 10:36:16PM +0100, Marc Haber wrote:
On Thu, Mar 02, 2006 at 08:06:48PM +0100, Florian Weimer wrote:
* Geoff Crompton:
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
You can
On Thu, Mar 02, 2006 at 10:36:16PM +0100, Marc Haber wrote:
How would you implement the automatism to trigger the update on the
incoming e-mail?
procmail, matching on new mails to the debian-security-announce
mailing list ..
Steve
--
Debian GNU/Linux System Administration
On Thu, Mar 02, 2006 at 11:09:28PM +0100, Florian Weimer wrote:
* Marc Haber:
How would you implement the automatism to trigger the update on the
incoming e-mail?
I typically use an Exim .forward file which invokes a special script
using pipe. The script creates a file, and a cron job
* martin f. krafft:
You are not really supposed to use those as they are pulled once
daily only, and security is a time-critical domain where sometimes
it's very important to have updates without any delays.
One day more or less doesn't really matter. So far, Debian security
updates predated
Florian Weimer wrote:
* martin f. krafft:
You are not really supposed to use those as they are pulled once
daily only, and security is a time-critical domain where sometimes
it's very important to have updates without any delays.
One day more or less doesn't really matter. So far,
also sprach Florian Weimer [EMAIL PROTECTED] [2006.03.01.2255 +0100]:
You are not really supposed to use those as they are pulled once
daily only, and security is a time-critical domain where sometimes
it's very important to have updates without any delays.
One day more or less doesn't
Am 2006-02-20 14:28:12, schrieb Michal Sabala:
I'm considering starting to mirror security. I don't see a reason why
security repository shouldn't be mirrored, while in reality tampering with
packages on _any_ repository has the same outcome.
debian-security is allready mirrored by some
also sprach Michelle Konzack [EMAIL PROTECTED] [2006.02.25.2036 +0100]:
debian-security is allready mirrored by some servers including
ftp://ftp.de.debian.org/debian-security/
You are not really supposed to use those as they are pulled once
daily only, and security is a time-critical
also sprach Michal Sabala [EMAIL PROTECTED] [2006.02.20.2328 +0100]:
host -t a security.debian.org
security.debian.org has address 82.94.249.158 - slow
Please see
http://lists.debian.org/debian-security/2006/02/msg00041.html
Editing /etc/hosts to contain:
128.101.80.133
82.94.249.158
5 hops, avg 5ms
I'm in Belgium and their server is in Netherland.
The debian security is too small to know if the file transfert is
slow or not.
128.101.80.133
13hops, avg 109ms
194.109.137.218
7hops, avg 5ms
regards,
Francois
On 21 Feb 2006, at 03:25,
On Tue, Feb 21, 2006 at 09:18:16AM +0100, martin f krafft wrote:
also sprach Michal Sabala [EMAIL PROTECTED] [2006.02.20.2328 +0100]:
host -t a security.debian.org
security.debian.org has address 82.94.249.158 - slow
Please see
also sprach Brett Parker [EMAIL PROTECTED] [2006.02.21.1023 +0100]:
*blink* - erm, just out of interest, how does this help? This is just
going to stop packets from going to that IP, it's not going to stop
things resolving to that IP, so instead of getting a slow connection
you're just going
On Tue, Feb 21, 2006 at 09:23:07AM +, Brett Parker wrote:
*blink* - erm, just out of interest, how does this help? This is just
going to stop packets from going to that IP, it's not going to stop
things resolving to that IP, so instead of getting a slow connection
you're just going to get
On Mon, Feb 20, 2006 at 06:25:47PM -0800, Michael Sabala wrote:
host -t a security.debian.org
security.debian.org has address 82.94.249.158 - slow
I checked traceroute to 82.94.249.158 from two different ISPs.
When the route goes through:
ameritech-sbcglobal-he.net-xs4all.net
For the past month or so security updates have been very slow for us
(~5KB/sec). It appears that the first A record for the
security.debian.org is the problem.
host -t a security.debian.org
security.debian.org has address 82.94.249.158 - slow
security.debian.org has address 128.101.80.133
* Quoting Michal Sabala ([EMAIL PROTECTED]):
For the past month or so security updates have been very slow for us
(~5KB/sec). It appears that the first A record for the
security.debian.org is the problem.
host -t a security.debian.org
security.debian.org has address 82.94.249.158 -
--- Rolf Kutz [EMAIL PROTECTED] wrote:
* Quoting Michal Sabala ([EMAIL PROTECTED]):
For the past month or so security updates have been very slow for us
(~5KB/sec). It appears that the first A record for the
security.debian.org is the problem.
host -t a security.debian.org
host -t a security.debian.org
security.debian.org has address 82.94.249.158 - slow
I checked traceroute to 82.94.249.158 from two different ISPs.
When the route goes through:
ameritech-sbcglobal-he.net-xs4all.net then it is fine. (15 hops)
If it goes through:
36 matches
Mail list logo
