Re: first A record of security.debian.org extremely slow

Am 2006-03-02 23:09:28, schrieb Florian Weimer: > I typically use an Exim .forward file which invokes a special script > using "pipe". The script creates a file, and a cron job which runs > periodically checks for the existence of that file and performs the > desired action when it exists. This

Re: first A record of security.debian.org extremely slow

Am 2006-03-02 20:06:48, schrieb Florian Weimer: > You can use the DSA posting as a trigger. This is, what I allready do... My local mirror check the mailbox all 5 minutes and if a security update comes in it download immediatly... Currently I am writing a new script which will do this with

Re: first A record of security.debian.org extremely slow

* Michelle Konzack: > 1) Download Packages.gz/Sources.gz and check for changes I think you should look at the Release file first, at least if you don't use If-Modified-Since or similar conditional requests. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Tro

Re: first A record of security.debian.org extremely slow

also sprach Michelle Konzack <[EMAIL PROTECTED]> [2006.02.28.1824 +0100]: > I can not use rsync because I have a different directory structure AND > I do not want to kill one of the security mirrors of debian, fow often > should I poll the Packages.gz/Sources.gz for changes daily? Once. -- Pleas

Re: first A record of security.debian.org extremely slow

Am 2006-02-27 15:31:20, schrieb martin f krafft: > also sprach Michelle Konzack <[EMAIL PROTECTED]> [2006.02.25.2036 +0100]: > > debian-security is allready mirrored by some servers including > > > > > > You are not really supposed to use those as th

Re: first A record of security.debian.org extremely slow

Florian Weimer wrote: >> Usually, cron-apt has already noticed that there is an update >> available before the DSA posting comes in. > > This is by design; the DSA is delayed until the archive has been > updated properly (which means that it has arrived at all mirrors). That's because the included

Re: first A record of security.debian.org extremely slow

On Mon, 06 Mar 2006 at 10:49:45 +, paddy wrote: > On Fri, Mar 03, 2006 at 04:55:23PM +0100, Javier Fernández-Sanguino Pe?a > wrote: > > > > I don't believe it does. Cron-apt is a pull mechanism (download the > > latest packages, check if there are upgrades and notify the admin). > > A mail f

Re: first A record of security.debian.org extremely slow

On Fri, Mar 03, 2006 at 04:55:23PM +0100, Javier Fernández-Sanguino Peña wrote: > On Fri, Mar 03, 2006 at 11:13:52AM +0100, Marc Haber wrote: > > On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote: > > > You can trigger the update via ssh or wget. > > > > The entire scheme strikes me as rei

Re: first A record of security.debian.org extremely slow

On Fri, Mar 03, 2006 at 11:13:52AM +0100, Marc Haber wrote: > On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote: > > You can trigger the update via ssh or wget. > > The entire scheme strikes me as reinventing a mechanism which has been > existing for years now, being called cron-apt. I do

Re: first A record of security.debian.org extremely slow

On Fri, Mar 03, 2006 at 11:11:30AM +0100, Rolf Kutz wrote: > You can trigger the update via ssh or wget. The entire scheme strikes me as reinventing a mechanism which has been existing for years now, being called cron-apt. Greetings Marc -- --

Re: first A record of security.debian.org extremely slow

* Quoting Marc Haber ([EMAIL PROTECTED]): > On Thu, Mar 02, 2006 at 11:09:28PM +0100, Florian Weimer wrote: > > > > I typically use an Exim .forward file which invokes a special script > > using "pipe". The script creates a file, and a cron job which runs > > periodically checks for the existenc

Re: first A record of security.debian.org extremely slow

On Thu, Mar 02, 2006 at 11:09:28PM +0100, Florian Weimer wrote: > * Marc Haber: > > How would you implement the automatism to trigger the update on the > > incoming e-mail? > > I typically use an Exim .forward file which invokes a special script > using "pipe". The script creates a file, and a cr

Re: first A record of security.debian.org extremely slow

On Thu, Mar 02, 2006 at 10:36:16PM +0100, Marc Haber wrote: > How would you implement the automatism to trigger the update on the > incoming e-mail? procmail, matching on new mails to the debian-security-announce mailing list .. Steve -- Debian GNU/Linux System Administration http://www.debi

Re: first A record of security.debian.org extremely slow

On Thu, Mar 02, 2006 at 10:36:16PM +0100, Marc Haber wrote: > On Thu, Mar 02, 2006 at 08:06:48PM +0100, Florian Weimer wrote: > > * Geoff Crompton: > > > I'm also wondering if security.debian.org has enough resources for every > > > single debian box on the planet checking it every X minutes. > >

Re: first A record of security.debian.org extremely slow

* Marc Haber: > On Thu, Mar 02, 2006 at 08:06:48PM +0100, Florian Weimer wrote: >> * Geoff Crompton: >> > I'm also wondering if security.debian.org has enough resources for every >> > single debian box on the planet checking it every X minutes. >> >> You can use the DSA posting as a trigger. > >

Re: first A record of security.debian.org extremely slow

On Thu, Mar 02, 2006 at 08:06:48PM +0100, Florian Weimer wrote: > * Geoff Crompton: > > I'm also wondering if security.debian.org has enough resources for every > > single debian box on the planet checking it every X minutes. > > You can use the DSA posting as a trigger. Usually, cron-apt has alr

Re: first A record of security.debian.org extremely slow

also sprach Michael Stone <[EMAIL PROTECTED]> [2006.03.02.2032 +0100]: > The explanation is far simpler--debian *does* have mirrors of > security.debian.org. At the moment I see three hosts in the rotation. Yeah, push, not pull mirrors. -- Please do not send copies of list mail to me; I read t

Re: first A record of security.debian.org extremely slow

also sprach Florian Weimer <[EMAIL PROTECTED]> [2006.03.02.2006 +0100]: > By default, package authenticity is not validated in sarge and > earlier releases. From a security POV, it's better to download > those updates from a limited set of well-maintained servers. It > reduces the attack surface s

Re: first A record of security.debian.org extremely slow

On Thu, Mar 02, 2006 at 08:06:07PM +0100, Florian Weimer wrote: * martin f. krafft: Why then do you think security.d.o is not mirrored by Debian? Our mirror network is not actually well-known for its integrity (think The explanation is far simpler--debian *does* have mirrors of security.deb

Re: first A record of security.debian.org extremely slow

* Geoff Crompton: > I'm also wondering if security.debian.org has enough resources for every > single debian box on the planet checking it every X minutes. You can use the DSA posting as a trigger. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact

Re: first A record of security.debian.org extremely slow

* martin f. krafft: >> One day more or less doesn't really matter. So far, Debian security >> updates predated widespread (semi-)automated exploits by weeks. > > Why then do you think security.d.o is not mirrored by Debian? Our mirror network is not actually well-known for its integrity (think p

Re: first A record of security.debian.org extremely slow

also sprach Florian Weimer <[EMAIL PROTECTED]> [2006.03.01.2255 +0100]: > > You are not really supposed to use those as they are pulled once > > daily only, and security is a time-critical domain where sometimes > > it's very important to have updates without any delays. > > One day more or less d

Re: first A record of security.debian.org extremely slow

Florian Weimer wrote: > * martin f. krafft: > > >>You are not really supposed to use those as they are pulled once >>daily only, and security is a time-critical domain where sometimes >>it's very important to have updates without any delays. > > > One day more or less doesn't really matter. So

Re: first A record of security.debian.org extremely slow

* martin f. krafft: > You are not really supposed to use those as they are pulled once > daily only, and security is a time-critical domain where sometimes > it's very important to have updates without any delays. One day more or less doesn't really matter. So far, Debian security updates predat

Re: first A record of security.debian.org extremely slow

also sprach Michelle Konzack <[EMAIL PROTECTED]> [2006.02.25.2036 +0100]: > debian-security is allready mirrored by some servers including > > You are not really supposed to use those as they are pulled once daily only, and security is a time-critica

Re: first A record of security.debian.org extremely slow

Am 2006-02-20 14:28:12, schrieb Michal Sabala: > I'm considering starting to mirror security. I don't see a reason why > security repository shouldn't be mirrored, while in reality tampering with > packages on _any_ repository has the same outcome. debian-security is allready mirrored by some ser

Re: first A record of security.debian.org extremely slow

On Tue, Feb 21, 2006 at 09:23:07AM +, Brett Parker wrote: > *blink* - erm, just out of interest, how does this help? This is just > going to stop packets from going to that IP, it's not going to stop > things resolving to that IP, so instead of getting a slow connection > you're just going to g

Re: first A record of security.debian.org extremely slow

also sprach Brett Parker <[EMAIL PROTECTED]> [2006.02.21.1023 +0100]: > *blink* - erm, just out of interest, how does this help? This is just > going to stop packets from going to that IP, it's not going to stop > things resolving to that IP, so instead of getting a slow connection > you're just go

Re: first A record of security.debian.org extremely slow

On Tue, Feb 21, 2006 at 09:18:16AM +0100, martin f krafft wrote: > also sprach Michal Sabala <[EMAIL PROTECTED]> [2006.02.20.2328 +0100]: > > host -t a security.debian.org > > security.debian.org has address 82.94.249.158 <- slow > > Please see > http://lists.debian.org/debian-security/20

Re: first A record of security.debian.org extremely slow

also sprach Michal Sabala <[EMAIL PROTECTED]> [2006.02.20.2328 +0100]: > host -t a security.debian.org > security.debian.org has address 82.94.249.158 <- slow Please see http://lists.debian.org/debian-security/2006/02/msg00041.html > Editing /etc/hosts to contain: > 128.101.80.133 securi

Re: first A record of security.debian.org extremely slow

--- Rolf Kutz <[EMAIL PROTECTED]> wrote: > * Quoting Michal Sabala ([EMAIL PROTECTED]): > > > For the past month or so security updates have been very slow for us > > (~5KB/sec). It appears that the first A record for the > > security.debian.org is the problem. > > > > host -t a security.debian.

Re: first A record of security.debian.org extremely slow

* Quoting Michal Sabala ([EMAIL PROTECTED]): > For the past month or so security updates have been very slow for us > (~5KB/sec). It appears that the first A record for the > security.debian.org is the problem. > > host -t a security.debian.org > security.debian.org has address 82.94.249.158 <-

first A record of security.debian.org extremely slow

For the past month or so security updates have been very slow for us (~5KB/sec). It appears that the first A record for the security.debian.org is the problem. host -t a security.debian.org security.debian.org has address 82.94.249.158 <- slow security.debian.org has address 128.101.80.133 s