Source packages appropriate by default?
Scott Kitterman
ubuntu at kitterman.com
Wed Jul 24 03:08:20 UTC 2013
On Wednesday, July 24, 2013 11:00:40 AM Daniel J Blueman wrote:
> Perhaps we have two issues here:
....
> The 20% additional download due to sources [1] would help both issues,
> but perhaps of bigger impact, trusting the country-level mirror for
> the security updates?
...
You aren't. Security updates are pushed first to security.ubuntu.com and then
copied to archive.ubuntu.com and mirrored from there. The security pocket
isn't mirrored so you always hit it directly and if a country mirror lags, you
get the package from security.ubuntu.com. Also, the signing key is the same
Ubuntu archive signing key whether you're getting a package form
archive.ubuntu.com or a country mirror, so you aren't trusting the country
mirror cryptographically either.
Scott K
More information about the Ubuntu-devel-discuss
mailing list