, we
> do not recommend to our users to use mirrors to obtain security
> updates and instead ask them to directly download them from our
> distributed security.debian.org service. We recommend debian-security
> not be mirrored.
OTOH, security.d.o points to some fastly-assigned IPs directly whe
On 1/23/22, Stefan Fritsch wrote:
> Am 22.01.22 um 21:07 schrieb Bjørn Mork:
>> Stefan Fritsch writes:
>>
>>> # cat /etc/apt/apt.conf.d/11-default-release
>>> APT::Default-Release "bullseye";
>>
>> Just don't do that. It breaks all normal preferences and will end up
>> preferring "bullseye"
Am 22.01.22 um 21:07 schrieb Bjørn Mork:
Stefan Fritsch writes:
# cat /etc/apt/apt.conf.d/11-default-release
APT::Default-Release "bullseye";
Just don't do that. It breaks all normal preferences and will end up
preferring "bullseye" over anything else. Including
"bullseye-security".
Stefan Fritsch writes:
> # cat /etc/apt/apt.conf.d/11-default-release
> APT::Default-Release "bullseye";
Just don't do that. It breaks all normal preferences and will end up
preferring "bullseye" over anything else. Including
"bullseye-security".
Use preferences instead if you need to tweak
On 22.01.22 11:09, Stefan Fritsch wrote:
*** 5.10.84-1 990
The 990 looks like pinning for me.
Best regards
Ulf
* [Sat, Jan 22, 2022 at 11:09:20AM +0100] Stefan Fritsch:
I think the bullseye-security codename should be "bullseye" instead.
Or am I missing something
The repo naming scheme has changed with bullseye. I do not have the
announcement at hands, however the old '/updates' is now
'-security',
: 5.10.84-1
Version table:
5.15.15-1 500
500 http://mirror.hetzner.de/debian/packages unstable/main
amd64 Packages
5.10.92-1 500
500 http://security.debian.org bullseye-security/main amd64
Packages
*** 5.10.84-1 990
990 http://mirror.hetzner.de/debian/packages
500 http://mirror.hetzner.de/debian/packages unstable/main
amd64 Packages
5.10.92-1 500
500 http://security.debian.org bullseye-security/main amd64 Packages
*** 5.10.84-1 990
990 http://mirror.hetzner.de/debian/packages bullseye/main
amd64 Packages
100 /var/lib
/debian/packages unstable/main
amd64 Packages
5.10.92-1 500
500 http://security.debian.org bullseye-security/main amd64
Packages
*** 5.10.84-1 990
990 http://mirror.hetzner.de/debian/packages bullseye/main
amd64 Packages
100 /var/lib/dpkg/status
But apt-get dist
On 19/08/2021 07:25, Daniel Lewart wrote:
Debian Security,
Is there a preferred sources.list URI for the Debian security
repository between:
* http://deb.debian.org/debian-security
* http://security.debian.org/debian-security
Default is freshly installed system is
deb http
* [Thu, Aug 19, 2021 at 01:25:00AM -0500] Daniel Lewart:
Is there a preferred sources.list URI for the Debian security
repository between:
* http://deb.debian.org/debian-security
* http://security.debian.org/debian-security
I asked in debian-devel and received two replies:
* https
Georgi Naplatanov wrote:
> I have no opinion but found this
> https://wiki.debian.org/SourcesList
SZÉPE Viktor wrote:
> And there is this
> https://wiki.debian.org/NewInBullseye#Changes
Both of these were referenced in my original message:
Idézem/Quoting Georgi Naplatanov :
On 8/19/21 09:25, Daniel Lewart wrote:
Debian Security,
Is there a preferred sources.list URI for the Debian security
repository between:
* http://deb.debian.org/debian-security
* http://security.debian.org/debian-security
I asked in debian-devel
On 8/19/21 09:25, Daniel Lewart wrote:
> Debian Security,
>
> Is there a preferred sources.list URI for the Debian security
> repository between:
> * http://deb.debian.org/debian-security
> * http://security.debian.org/debian-security
>
> I asked in debian-devel
Debian Security,
Is there a preferred sources.list URI for the Debian security
repository between:
* http://deb.debian.org/debian-security
* http://security.debian.org/debian-security
I asked in debian-devel and received two replies:
* https://lists.debian.org/debian-devel/2021/08/msg00166
Julian Andres Klode :
> This seems the "best" outcome. In any case, we have about 2 years to
> figure this out and should keep things this way for now.
[...]
> Anyhow, we've got two years to fix this, no need to rush a "fix" out
> now.
One year has passed without rushing a fix, or any other
Hi all,
As a reminder, in November[0] I wrote:
> For a long time, the Debian security mirrors have served the security
> archive via both HTTP and rsync. As part of improving the reliability
> of security.debian.org for our users, the Debian mirrors team is going
> to separate th
Hi,
For a long time, the Debian security mirrors have served the security
archive via both HTTP and rsync. As part of improving the reliability
of security.debian.org for our users, the Debian mirrors team is going
to separate those services to different host names:
- http://security.debian.org
On Sun, Jan 15, 2017 at 1:41 PM, Tea Wrex wrote:
> I am unable to make HTTPS connections to https://security.debian.org/
security.d.o has never supported https. Some of the machines behind it
also host other services, some of which support https, which is why
you get certificate errors.
--
On Sunday, 2017-01-15 at 07:40:40 +0100, Scrap wrote:
> Are you sure the URL is correct? If i try to connect to
> https://security.debian.org/ from Chrome I revice:" ERR_CONNECTION_REFUSED".
> If i try with out https i'm redirect to https://www.debian.org/security/ and
> th
Are you sure the URL is correct? If i try to connect to
https://security.debian.org/ from Chrome I revice:"
ERR_CONNECTION_REFUSED". If i try with out https i'm redirect to
https://www.debian.org/security/ and this site have a trusted certificate.
On 01/15/2017 06:41 AM, Tea Wrex w
I am unable to make HTTPS connections to https://security.debian.org/ ...
My browser said my connection is insecure when I attempt to visit that site.
Also, the report from SSL Labs says the site is not trusted.
https://www.ssllabs.com/ssltest/analyze.html?d=security.debian.org
What
Hi,
From a host on the West Coast of the US security.debian.org resolves to
the following IPs:
149.20.20.19
128.101.240.215
128.31.0.63
128.61.240.73
Grabbing dists/jessie/updates/InRelease from each of these and looking
at the Date header, two of them appear to be a few days out of date
On Wed, 06 Jan 2016, Alex Brett wrote:
> Grabbing dists/jessie/updates/InRelease from each of these and
> looking at the Date header, two of them appear to be a few days out
> of date:
> InRelease.128.101.240.215:Date: Sun, 03 Jan 2016 20:01:14 UTC
> InRelease.128.31.0.63:Date: Wed, 06 Jan 2016
I am trying to build my live system using live build from git
repository- version 4.0.3-1.
And I enabled --security true \ LB_SECURITY=true option. I get:
W: Failed to fetch
http://security.debian.org/dists/wheezy/updates/Release Unable to find
expected entry 'wheezy/updates/binary-i386
Dnia 2013-11-10, nie o godzinie 19:50 +, adrelanos pisze:
Hi!
How (un)safe would it be...? When using Debian while...
Not using:
deb http://ftp.us.debian.org/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
Only using:
deb
On Mon, Nov 11, 2013 at 6:17 AM, Norbert Kiszka wrote:
Missing dependencies can break upgrade. For ex. one package from
security-update can depend on other package, so it will not be
installed. Unless You install it by hand.
That isn't quite right since excepting mistakes, security updates
asterisk-mysql | grep wheezy
| 500 http://security.debian.org/ wheezy/updates/main amd64 Packages
| 500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages
libc6 is _not_ shipped in the security archive:
| $ apt-cache policy libc6 | grep wheezy
| 500 http
| Depends: […] libc6 (= 2.4), […]
| $ apt-cache policy asterisk-mysql | grep wheezy
| 500 http://security.debian.org/ wheezy/updates/main amd64 Packages
| 500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages
libc6 is _not_ shipped in the security archive:
| $ apt
On Tue, Nov 12, 2013 at 6:30 AM, Michael Gilbert wrote:
Which confirms my point. That asterisk update, for example, required
no new package dependencies outside the security archive.
You said no deps outside the security archive, not no new deps outside
the security archive.
Anyway, the
On Mon, Nov 11, 2013 at 11:20 PM, Paul Wise wrote:
On Tue, Nov 12, 2013 at 6:30 AM, Michael Gilbert wrote:
Which confirms my point. That asterisk update, for example, required
no new package dependencies outside the security archive.
You said no deps outside the security archive, not no new
Hi!
How (un)safe would it be...? When using Debian while...
Not using:
deb http://ftp.us.debian.org/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
Only using:
deb http://security.debian.org stable/updates main contrib non-free
Does
On Sun, Nov 10, 2013 at 2:50 PM, adrelanos wrote:
Hi!
How (un)safe would it be...? When using Debian while...
Not using:
deb http://ftp.us.debian.org/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
Only using:
deb http
adrelanos wrote (10 Nov 2013 19:50:12 GMT) :
Or the same question in other words: are sometimes updates fixing
security issues released though repositories other than the security
repository?
Yes: see every {,old}stable point-release release notes.
Cheers,
--
intrigeri
| GnuPG key @
* adrelanos (adrela...@riseup.net) [10.11.13 20:51]:
Hi!
How (un)safe would it be...? When using Debian while...
Not using:
deb http://ftp.us.debian.org/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
Only using:
deb http
Hello,
I see :
---
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
---
Why have you both squeeze and wheezy in your sources.list ?
Thanks,
*Jérémie Balagna-Ranin**
Apprenti en ingénierie Informatique à
On Thu, September 5, 2013 23:17, Luke L wrote:
as root, I issue:
apt-get update
I get errors such as:
Err http://security.debian.org squeeze/updates/main amd64 Packages
503 Forwarding failure
This error is most probably generated by some intermediate proxy between
your system
as root, I issue:
apt-get update
I get errors such as:
Err http://security.debian.org squeeze/updates/main amd64 Packages
503 Forwarding failure
Is this something to worry about?
The relevant lines in my /etc/apt/sources.list are:
deb http://security.debian.org/ wheezy/updates main contrib
Hello,
This one time, at band camp, Stefan Eriksson said:
Hi now and again we get a timeout when looking up
security.debian.org while running apt-get update. We have traced it
to the ipv6's we get. It seems like they change (and as ipv6 have
prio over ipv4 we are affected) Which ipv6 range
* Stefan Eriksson:
Hi now and again we get a timeout when looking up security.debian.org
while running apt-get update. We have traced it to the ipv6's we
get. It seems like they change (and as ipv6 have prio over ipv4 we are
affected) Which ipv6 range should we open for in iptables to have
Hi now and again we get a timeout when looking up security.debian.org
while running apt-get update. We have traced it to the ipv6's we get. It
seems like they change (and as ipv6 have prio over ipv4 we are affected)
Which ipv6 range should we open for in iptables to have full access
Hey,
it seems that there's an issue with the current security sources:
W: Failed to fetch
http://security.debian.org/dists/squeeze/updates/main/binary-amd64/Packages.bz2
Hash Sum mismatch
I get:
curl -s
http://security.debian.org/dists/squeeze/updates/main/binary-amd64/Packages.bz2
On Mon, Apr 25, 2011 at 11:19:25AM +0200, Yves-Alexis Perez wrote:
W: Failed to fetch
http://security.debian.org/dists/squeeze/updates/main/binary-amd64/Packages.bz2
Hash Sum mismatch
Agreed. I see
http://security.debian.org/dists/squeeze/updates/Release.new with a
timestamp more like
On Mon, 25, Apr, 2011 at 09:27:04AM +, Colin Watson spoke thus..
Agreed. I see
http://security.debian.org/dists/squeeze/updates/Release.new with a
timestamp more like Packages.bz2; the Release and Release.gpg files have
timestamps eight hours or so earlier. It looks to me
Processing commands for cont...@bugs.debian.org:
# the PTS is fed by the sec tracker
reassign 583381 security-tracker
Bug #583381 [qa.debian.org,security.debian.org]
http://packages.qa.debian.org/o/openswan.html reports wrong open security issue
Bug reassigned from package 'qa.debian.org
Michael Stone wrote:
On Wed, Jan 13, 2010 at 06:18:02PM -0600, Boyd Stephen Smith Jr. wrote:
IPv6 uses path MTU detection.
So does IPv4 these days, doesn't mean people don't break it. :-)
Mike Stone
Please ignore my original message.
I was certain that I'd checked my firewall wasn't
Hi,
I've recently been allocated an ipv6 block to test ipv6 with. This
however has created a problem for me.
# ping6 security.debian.org
PING security.debian.org(2001:a78::16) 56 data bytes
64 bytes from 2001:a78::16: icmp_seq=1 ttl=58 time=117 ms
64 bytes from 2001:a78::16: icmp_seq=2 ttl=58
On Wed, Jan 13, 2010 at 05:37:20PM +0100, Eelco Jepkema wrote:
;; ANSWER SECTION:
security.debian.org.263 IN 2001:a78::16
security.debian.org.263 IN 2001:8d8:2:1:6564:a62:0:2
security.debian.org.263 IN 2001:a78::1a
This seems
Hi,
On Wed Jan 13, 2010 at 17:37:20 +0100, Eelco Jepkema wrote:
Hi,
I've recently been allocated an ipv6 block to test ipv6 with. This
however has created a problem for me.
# ping6 security.debian.org
PING security.debian.org(2001:a78::16) 56 data bytes
64 bytes from 2001:a78::16
On Wed, Jan 13, 2010 at 08:59:18PM +0100, Martin Zobel-Helas wrote:
Can you give us a tcptraceroute6 to from your machine to security.d.o?
Also, can you download from other servers with ipv6? Could be local mtu
issue if nothing works. (Ping would be ok, but large TCP downloads would
flake
On Wednesday 13 January 2010 14:06:12 Michael Stone wrote:
On Wed, Jan 13, 2010 at 08:59:18PM +0100, Martin Zobel-Helas wrote:
Can you give us a tcptraceroute6 to from your machine to security.d.o?
Also, can you download from other servers with ipv6? Could be local mtu
issue if nothing
On Wed, Jan 13, 2010 at 06:18:02PM -0600, Boyd Stephen Smith Jr. wrote:
IPv6 uses path MTU detection.
So does IPv4 these days, doesn't mean people don't break it. :-)
Mike Stone
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
On Tue, 2008-06-17 at 15:38 -0500, Bob Tanner wrote:
Last several days I'm having problems accessing 130.89.175.54, a
server in the security.debian.org rotation.
Probably related to this:
http://lists.debian.org/debian-infrastructure-announce/2008/06/msg1.html
(kassia.debian.org
On Jun 17, 2008, at 8:04 PM, Roger Bumgarner wrote:
Can you be more specific?
Things are ok today. The specific issue was huge latency to this mirror.
Just seemed suspicious that multiple networks from multiple locations
in the midwest (US) all had huge latency to this security mirror.
Last several days I'm having problems accessing 130.89.175.54, a
server in the security.debian.org rotation.
This is from systems across the midwest of America.
Is there a known problem with this host?
Just my network and systems?
--
Bob Tanner [EMAIL PROTECTED] | Phone : (952)943
need to
all be worried about.
Good luck :D
-rb
On Tue, Jun 17, 2008 at 1:38 PM, Bob Tanner [EMAIL PROTECTED] wrote:
Last several days I'm having problems accessing 130.89.175.54, a server in
the security.debian.org rotation.
This is from systems across the midwest of America
On Friday, 2007-08-17 at 11:22:11 +0200, Lupe Christoph wrote:
Failed to fetch
http://security.debian.org/dists/testing/updates/main/binary-i386/Packages.bz2
MD5Sum mismatch
(I have only checked one server for the Release file, so I'm only
assuming that the file is the same on all three
Hi!
I can't apt-get update testing/updates main:
Failed to fetch
http://security.debian.org/dists/testing/updates/main/binary-i386/Packages.bz2
MD5Sum mismatch
The Release file has this MD5 sum:
b6465c8fe5c1ecb2eb67d22100a78dd745569 main/binary-i386/Packages.bz2
The Packages.bz2 files
://security.debian.org/dists/testing/updates/main/binary-i386/Packages.bz2
MD5Sum
mismatch
The Release file has this MD5 sum:
b6465c8fe5c1ecb2eb67d22100a78dd745569 main/binary-i386/Packages.bz2
The Packages.bz2 files from all three servers have the same, different
sum
://security.debian.org/dists/testing/updates/main/binary-i386/Packages.bz2
MD5Sum
mismatch
You're right, this can be caused by an update. (I *wish* those updates
were atomic, but they probably arent'.) It's been like that since noon
local time yesterday:
/dists/testing/updates/main/binary-i386
, Lupe Christoph [EMAIL PROTECTED] wrote:
Failed to fetch
http://security.debian.org/dists/testing/updates/main/binary-i386/Packages.bz2
MD5Sum
mismatch
You're right, this can be caused by an update. (I *wish* those updates
were atomic, but they probably arent'.)
why not though
On Friday, 2007-08-17 at 10:46:32 +, [EMAIL PROTECTED] wrote:
On Fri, Aug 17, 2007 at 12:20:34PM +0200, Lupe Christoph wrote:
I *wish* those updates
were atomic, but they probably arent'.
why not though ?
Because they involve a lot of files. You would have to use two areas
that
Hi,
On Fri Aug 17, 2007 at 13:12:34 +0200, Lupe Christoph wrote:
On Friday, 2007-08-17 at 10:46:32 +, [EMAIL PROTECTED] wrote:
On Fri, Aug 17, 2007 at 12:20:34PM +0200, Lupe Christoph wrote:
I *wish* those updates
were atomic, but they probably arent'.
why not though ?
What's up with security.debian.org? Apt is missing it. ;-)
-Jim P.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Thu, 2007-06-14 at 00:32 -0400, Jim Popovitch wrote:
What's up with security.debian.org? Apt is missing it. ;-)
Of course, as soon as I send the email
disregard previous email, apologies.
-Jim P.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
I have previously kept an copy of security.debian.org on our local
ftp-server and updated it twice a day.
The rsync-script does not work any longer (and I have not checked since
when). Is there a login required now or is there no longer a
rsync-service available from there?
Regards
Johann
Am 2006-03-02 20:06:48, schrieb Florian Weimer:
You can use the DSA posting as a trigger.
This is, what I allready do...
My local mirror check the mailbox all 5 minutes and if a security
update comes in it download immediatly...
Currently I am writing a new script which will do this with
Am 2006-03-02 23:09:28, schrieb Florian Weimer:
I typically use an Exim .forward file which invokes a special script
using pipe. The script creates a file, and a cron job which runs
periodically checks for the existence of that file and performs the
desired action when it exists. This means
also sprach Michelle Konzack [EMAIL PROTECTED] [2006.02.28.1824 +0100]:
I can not use rsync because I have a different directory structure AND
I do not want to kill one of the security mirrors of debian, fow often
should I poll the Packages.gz/Sources.gz for changes daily?
Once.
--
Please do
* Michelle Konzack:
1) Download Packages.gz/Sources.gz and check for changes
I think you should look at the Release file first, at least if you
don't use If-Modified-Since or similar conditional requests.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe.
old packages localy
5) create new Packages.gz/Sources.gz
I have encountered this works faster and more effectiv then using rsync.
Currently I poll ftp://security.debian.org/ only once a day.
Greetings
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux
mechanism.
Notice that in the later (push) you could have somebody review if the
update is critical enough, or only tell systems to upgrade once the patch
has been tested internally. That seems easier to me than, in the pull system,
set up an intermediate mirror of security.debian.org with *approved
system,
set up an intermediate mirror of security.debian.org with *approved*
updates,
have the systems update automatically and have a sysadmin move the updates
from the official mirror over to that internal mirror based on whether the
update is critical or not.
Also, in my mind's view
Florian Weimer wrote:
Usually, cron-apt has already noticed that there is an update
available before the DSA posting comes in.
This is by design; the DSA is delayed until the archive has been
updated properly (which means that it has arrived at all mirrors).
That's because the included
* Quoting Marc Haber ([EMAIL PROTECTED]):
On Thu, Mar 02, 2006 at 11:09:28PM +0100, Florian Weimer wrote:
I typically use an Exim .forward file which invokes a special script
using pipe. The script creates a file, and a cron job which runs
periodically checks for the existence of that
On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote:
You can trigger the update via ssh or wget.
The entire scheme strikes me as reinventing a mechanism which has been
existing for years now, being called cron-apt.
Greetings
Marc
--
is critical enough, or only tell systems to upgrade once the patch
has been tested internally. That seems easier to me than, in the pull system,
set up an intermediate mirror of security.debian.org with *approved* updates,
have the systems update automatically and have a sysadmin move the updates
from
* martin f. krafft:
One day more or less doesn't really matter. So far, Debian security
updates predated widespread (semi-)automated exploits by weeks.
Why then do you think security.d.o is not mirrored by Debian?
Our mirror network is not actually well-known for its integrity (think
* Geoff Crompton:
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
You can use the DSA posting as a trigger.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
of
security.debian.org. At the moment I see three hosts in the rotation.
Why not add more? Well, what problem does that solve?
--
Michael Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
also sprach Florian Weimer [EMAIL PROTECTED] [2006.03.02.2006 +0100]:
By default, package authenticity is not validated in sarge and
earlier releases. From a security POV, it's better to download
those updates from a limited set of well-maintained servers. It
reduces the attack surface
also sprach Michael Stone [EMAIL PROTECTED] [2006.03.02.2032 +0100]:
The explanation is far simpler--debian *does* have mirrors of
security.debian.org. At the moment I see three hosts in the rotation.
Yeah, push, not pull mirrors.
--
Please do not send copies of list mail to me; I read
On Thu, Mar 02, 2006 at 08:06:48PM +0100, Florian Weimer wrote:
* Geoff Crompton:
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
You can use the DSA posting as a trigger.
Usually, cron-apt has already
* Marc Haber:
On Thu, Mar 02, 2006 at 08:06:48PM +0100, Florian Weimer wrote:
* Geoff Crompton:
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
You can use the DSA posting as a trigger.
Usually, cron
On Thu, Mar 02, 2006 at 10:36:16PM +0100, Marc Haber wrote:
On Thu, Mar 02, 2006 at 08:06:48PM +0100, Florian Weimer wrote:
* Geoff Crompton:
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
You can
On Thu, Mar 02, 2006 at 10:36:16PM +0100, Marc Haber wrote:
How would you implement the automatism to trigger the update on the
incoming e-mail?
procmail, matching on new mails to the debian-security-announce
mailing list ..
Steve
--
Debian GNU/Linux System Administration
On Thu, Mar 02, 2006 at 11:09:28PM +0100, Florian Weimer wrote:
* Marc Haber:
How would you implement the automatism to trigger the update on the
incoming e-mail?
I typically use an Exim .forward file which invokes a special script
using pipe. The script creates a file, and a cron job
* martin f. krafft:
You are not really supposed to use those as they are pulled once
daily only, and security is a time-critical domain where sometimes
it's very important to have updates without any delays.
One day more or less doesn't really matter. So far, Debian security
updates predated
, Debian security
updates predated widespread (semi-)automated exploits by weeks.
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
also sprach Florian Weimer [EMAIL PROTECTED] [2006.03.01.2255 +0100]:
You are not really supposed to use those as they are pulled once
daily only, and security is a time-critical domain where sometimes
it's very important to have updates without any delays.
One day more or less doesn't
Am 2006-02-20 14:28:12, schrieb Michal Sabala:
I'm considering starting to mirror security. I don't see a reason why
security repository shouldn't be mirrored, while in reality tampering with
packages on _any_ repository has the same outcome.
debian-security is allready mirrored by some
also sprach Michelle Konzack [EMAIL PROTECTED] [2006.02.25.2036 +0100]:
debian-security is allready mirrored by some servers including
ftp://ftp.de.debian.org/debian-security/
You are not really supposed to use those as they are pulled once
daily only, and security is a time-critical
also sprach Michal Sabala [EMAIL PROTECTED] [2006.02.20.2328 +0100]:
host -t a security.debian.org
security.debian.org has address 82.94.249.158 - slow
Please see
http://lists.debian.org/debian-security/2006/02/msg00041.html
Editing /etc/hosts to contain:
128.101.80.133
, Michael Sabala wrote:
host -t a security.debian.org
security.debian.org has address 82.94.249.158 - slow
I checked traceroute to 82.94.249.158 from two different ISPs.
When the route goes through:
ameritech-sbcglobal-he.net-xs4all.net then it is fine. (15 hops)
If it goes through
On Tue, Feb 21, 2006 at 09:18:16AM +0100, martin f krafft wrote:
also sprach Michal Sabala [EMAIL PROTECTED] [2006.02.20.2328 +0100]:
host -t a security.debian.org
security.debian.org has address 82.94.249.158 - slow
Please see
http://lists.debian.org/debian-security/2006/02
also sprach Brett Parker [EMAIL PROTECTED] [2006.02.21.1023 +0100]:
*blink* - erm, just out of interest, how does this help? This is just
going to stop packets from going to that IP, it's not going to stop
things resolving to that IP, so instead of getting a slow connection
you're just going
On Tue, Feb 21, 2006 at 09:23:07AM +, Brett Parker wrote:
*blink* - erm, just out of interest, how does this help? This is just
going to stop packets from going to that IP, it's not going to stop
things resolving to that IP, so instead of getting a slow connection
you're just going to get
On Mon, Feb 20, 2006 at 06:25:47PM -0800, Michael Sabala wrote:
host -t a security.debian.org
security.debian.org has address 82.94.249.158 - slow
I checked traceroute to 82.94.249.158 from two different ISPs.
When the route goes through:
ameritech-sbcglobal-he.net-xs4all.net
For the past month or so security updates have been very slow for us
(~5KB/sec). It appears that the first A record for the
security.debian.org is the problem.
host -t a security.debian.org
security.debian.org has address 82.94.249.158 - slow
security.debian.org has address 128.101.80.133
* Quoting Michal Sabala ([EMAIL PROTECTED]):
For the past month or so security updates have been very slow for us
(~5KB/sec). It appears that the first A record for the
security.debian.org is the problem.
host -t a security.debian.org
security.debian.org has address 82.94.249.158
1 - 100 of 294 matches
Mail list logo