On Fri, Jan 26, 2001 at 08:04:21AM -0600, Mike Renfro wrote:
> On Thu, Jan 25, 2001 at 08:51:07PM +0100, Martin Schulze wrote:
>
> > Please don't do that. Security updates should come *only* from
> > security.debian.org. This was discussed a while, you should be
> > able to find some blurb about it in the debian-devel archive, I
> > guess.
>
> Personally, I'd rather not mirror it, but our bandwidth is almost
> completely saturated 17-19 hours/day, so if I (or any other local
> Debian-using people) want to get security updates during the day, a
> local mirror updated nightly appeared to be the easiest option.
>
> What are my other options -- I have frequently had timeouts trying to
> make updates from security.debian.org during the day. Assume the
> people in charge of managing our bandwidth are doing all they can, and
> the saturation problem isn't going away anytime soon.
You're talking about a private mirror. That wasn't the original
poster's intent (my reading anyway).
I believe the point is that people shouldn't be retrieving security
updates from "untrusted" sources. I can see the point, although
there's not really a guarantee that security.debian.org is who they
say they are :-)
It seems to me that if you're willing to update machines from a local
private mirror due to bandwidth or connectivity constraints, that's
your perogative. Making that mirror publically accessible would
violate the spirit of security.debian.org however ...
--
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Inc. | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED] | -- Patton
PGP signature
