On Thu, 2020-02-06 at 07:41 +0000, Andy Simpkins wrote: > It isn't safe to mirror security patches because we can not assure > the integrity of the updates on a mirror server.
The security mirrors are secured by by apt using the same cryptographic signatures as the other suites, so that's not true, they can be mirrored just fine (at least in principal, I don't know how much of the mirror network actually carries them). I think the real reason the default security sources are the main/central one is to reduce the latency in getting critical/urgent fixes out (i.e. no need to wait for a mirror pulse), but if that doesn't work for a given setup there's no reason not to change to use a mirror, it looks like deb.debian.org supports security so presumably that's a good bet. Ian.
