Re: Default security sources are slow very much.

[Cyril Brulebois]

Hi,

ykla  (2020-02-05):
> OK, the install cd ask me to change mirrors to download somethings but not
> changes security sources. Default source is http://security.debian.org/
> that is slow very much, about 1kb/s on my area. Please change security
> sources when os changes main source or ban security while installing
> system.

You can disable the security sources by using the expert install.

You can also set apt-setup/security_host to something else if needed.

You can also tweak apt-setup/services-select to exclude security if needed.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Re: Default security sources are slow very much.

[Andy Simpkins]

I stand corrected.
I learned somthing new today
Thanks

On 6 February 2020 12:54:03 GMT, Ian Campbell  wrote:
>On Thu, 2020-02-06 at 07:41 +, Andy Simpkins wrote:
>> It isn't safe to mirror security patches because we can not assure
>> the integrity of the updates on a mirror server.
>
>The security mirrors are secured by by apt using the same cryptographic
>signatures as the other suites, so that's not true, they can be
>mirrored just fine (at least in principal, I don't know how much of the
>mirror network actually carries them).
>
>I think the real reason the default security sources are the
>main/central one is to reduce the latency in getting critical/urgent
>fixes out (i.e. no need to wait for a mirror pulse), but if that
>doesn't work for a given setup there's no reason not to change to use a
>mirror, it looks like deb.debian.org supports security so presumably
>that's a good bet.
>
>Ian.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Default security sources are slow very much.

[Ian Campbell]

On Thu, 2020-02-06 at 07:41 +, Andy Simpkins wrote:
> It isn't safe to mirror security patches because we can not assure
> the integrity of the updates on a mirror server.

The security mirrors are secured by by apt using the same cryptographic
signatures as the other suites, so that's not true, they can be
mirrored just fine (at least in principal, I don't know how much of the
mirror network actually carries them).

I think the real reason the default security sources are the
main/central one is to reduce the latency in getting critical/urgent
fixes out (i.e. no need to wait for a mirror pulse), but if that
doesn't work for a given setup there's no reason not to change to use a
mirror, it looks like deb.debian.org supports security so presumably
that's a good bet.

Ian.

Re: Default security sources are slow very much.

[Andy Simpkins]

Sorry.  No.
It isn't safe to mirror security patches because we can not assure the 
integrity of the updates on a mirror server.

We are aware that bandwidth is limited either for financial or geographic 
reasons.This is why you can install from local media without network 
access.  

However any updates AFTER that image has been created will need to be 
downloaded from somewhere.

All i can suggest is that you install images of the latest release (there is a 
point release this comming weekend) as this will include all the fixes 
currently available...

On 5 February 2020 01:34:59 GMT, ykla  wrote:
>OK, the install cd ask me to change mirrors to download somethings but
>not
>changes security sources. Default source is http://security.debian.org/
>that is slow very much, about 1kb/s on my area. Please change security
>sources when os changes main source or ban security while installing
>system.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Default security sources are slow very much.

[ykla]

OK, the install cd ask me to change mirrors to download somethings but not
changes security sources. Default source is http://security.debian.org/
that is slow very much, about 1kb/s on my area. Please change security
sources when os changes main source or ban security while installing
system.