Received: from localhost (maia-4.hub.org [200.46.204.183]) by postgresql.org (Postfix) with ESMTP id 8E3A69FB249; Mon, 5 Feb 2007 17:22:07 -0400 (AST) Received: from postgresql.org ([200.46.204.71]) by localhost (mx1.hub.org [200.46.204.183]) (amavisd-new, port 10024) with ESMTP id 40514-06; Mon, 5 Feb 2007 17:22:04 -0400 (AST) X-Greylist: from auto-whitelisted by SQLgrey-1.7.4 X-Greylist: from auto-whitelisted by SQLgrey-1.7.4 Received: from svr2.hagander.net (svr2.hagander.net [88.198.128.226]) by postgresql.org (Postfix) with ESMTP id 9419D9FA4CA; Mon, 5 Feb 2007 17:22:04 -0400 (AST) Received: from [192.168.199.197] (c213-100-160-41.swipnet.se [213.100.160.41]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by svr2.hagander.net (Postfix) with ESMTP id 41DC9DCC158; Mon, 5 Feb 2007 22:22:03 +0100 (CET) Message-ID: <45C79FFD.4040401@hagander.net> Date: Mon, 05 Feb 2007 22:22:05 +0100 From: Magnus Hagander User-Agent: Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: Dave Page CC: Greg Sabino Mullane , pgsql-www@postgresql.org Subject: Re: How to coordinate web team for security releases? References: <68f661154ca35b7a0afed9b83cd3ff3c@biglumber.com> <45C79DDA.5010203@postgresql.org> In-Reply-To: <45C79DDA.5010203@postgresql.org> X-Enigmail-Version: 0.94.2.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: Maia Mailguard 1.0.1 X-Archive-Number: 200702/47 X-Sequence-Number: 11452 Dave Page wrote: > Greg Sabino Mullane wrote: >> Dave Page wrote: >>>> What we also need is a better way to update the mirrors in a timely manner. >>> I don't see how we can do that unless we persuade all the mirrors to >>> update more than once per day, which I doubt the larger ones will do. >> Well, I was thinking more in terms of something in addition to the daily update, >> such as an hourly (or less) check that would pull in any high-priority changes[1]. >> Seems that most of the time-sensitive changes we've needed affect a very small >> subset of the pages and should not be a traffic concern. The good thing about >> such a system is that we would not even need 100% buy-in right away - the ones >> not implementing it would still get the daily update. Eventually we'd want to >> strongly encourage everyone to use it, of course. > > A nice idea, but a good number of our mirrors are big mirrors sites who > likely won't want to muck around with special configs for each site they > mirror. > > Perhaps we could group the mirrors into 'preferred' and 'normal' > sections, where the preferred ones are all on a 2 or 4 hour update. I think we've discussed this before at some point, and yeah, i think that's a good idea. At least if we can get a couple of the "big boys" in on that update schedule - when we should have enough bw to deal with almost everything, and keep the "smaller local mirrors" for those that have really bad international bandwidth. If we're going to be changing the deal around that, I think we should at the same time require that the "preferred mirrors" also support http downloads. We're seeing a regular trickle of people who can't download because their firewall won't let ftp through. And frankly, most other projects provide *only* http downloads these days ;-) Ftp doesn't really buy you anything when you do single file downloads, and we just link to that anyway. (We'd of course keep the ftp as well, given that things like freebsd ports uses them, if I'm not mistaken) //Magnus