Why announce a security update before the mirrors are synced

Tom Diehl tdiehl at rogueind.com
Wed Feb 18 21:14:15 UTC 2004 

On Wed, 18 Feb 2004 fox3ec208 at wideopenwest.com wrote:

> On Wednesday 18 February 2004 12:54, Mike Burger wrote:
> > On Wed, 18 Feb 2004 fox3ec208 at wideopenwest.com wrote:
> > > I just received the announcement for the new kernel*2714 yet no mirrors
> > > on the US east list seem to have the new rpms yet.  This is what's
> > > placeing the burden on the master when a announcement is made for an
> > > update.
> >
> > Because the folks at Fedora/Red Hat have no way to control how often or
> > when the mirrors sync up?
> 
> Yes, I suppose that's true, but they can give the mirror admins. a heads up 
> when something major is about to become available.  As it is now, us mere 
> mortals jam up the main site, complain that its slow, and keep the mirrors 
> from syncing with our added traffic to the master.  In the past, the new 
> releases test and final are on the mirrors and all open at the same time.  
> I'm sure something could be done, it would just take some effort in the 
> coordination.

You seem to be making the assumption that the mirror admins have nothing to
do except watch for Red Hat/Fedora updates. Running a mirror is a volunteer
effort. For the most part it gets done in the admin's spare time. As a result
it gets automated as much as possible. In the overall grand scheme of things
any kind of update gets done automagically by a cron job and rsync. It takes
time for the updates to make it through Red Hat's master mirror system so it
is available to the mirrors. Then it takes time for the cron job to run on the
local mirror machine. I would bet that on most mirrors the lag from start
to finish is way less than 6 hours. The kernel update is a fix for a local
exploite. If it is that important that you have it NOW you should be doing
something other than waiting for it to get to the mirrors.

IOW PLEASE have patience. I can tell you for a fact that on the US East coast
there are several well run mirrors that already have the kernel. Infact I already
have it on my local repository and it is synced from one of the public mirrors
in the eastern part of the US. The timestamp was only about 4.5 hours ago.
How fast do you need it from a system you pay NOTHING for? I think this is not
too shabby really.

FWIW:

(icarus pts4) # ll kernel-2.4.22-1.2173.nptl*
-rw-r--r--    1 2220     235      12700307 Feb 18 11:28 kernel-2.4.22-1.2173.nptl.athlon.rpm
-rw-r--r--    1 2220     235      12668837 Feb 18 11:28 kernel-2.4.22-1.2173.nptl.i586.rpm
-rw-r--r--    1 2220     235      12864559 Feb 18 11:28 kernel-2.4.22-1.2173.nptl.i686.rpm
(icarus pts4) #

It is only 3:00PM local. :-)

Just my $.02

Tom

More information about the fedora-list mailing list