On 24 July 2013 11:08, Scott Kitterman <[email protected]> wrote: > On Wednesday, July 24, 2013 11:00:40 AM Daniel J Blueman wrote: >> Perhaps we have two issues here: > .... >> The 20% additional download due to sources [1] would help both issues, >> but perhaps of bigger impact, trusting the country-level mirror for >> the security updates? > ... > You aren't. Security updates are pushed first to security.ubuntu.com and then > copied to archive.ubuntu.com and mirrored from there. The security pocket > isn't mirrored so you always hit it directly and if a country mirror lags, you > get the package from security.ubuntu.com. Also, the signing key is the same > Ubuntu archive signing key whether you're getting a package form > archive.ubuntu.com or a country mirror, so you aren't trusting the country > mirror cryptographically either.
What I meant, if the country-level archive is sync'd every 12-24 hours, would it be sufficient to download the security pocket from <cc>.archive.ubuntu.com? It is mirrored, so this would alleviate the second issue. Daniel -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
