On Fri, Dec 22, 2023 at 09:54:45AM +0100, Moritz Muehlenhoff wrote: > One solution which has been discussed in the past is to import a full copy > of stable towards stable-security at the beginning of each release cycle, > but that is currently not possible since security-master is a Ganeti VM > and the disk requirements for a full archive copy would rather require > a baremetal host.
I don't think we are constrained by disk space here. I understand you are talking about a full import here, rather than referencing data elsewhere. We could make disk available for that. But it'd be nicer if dak could do an overlay pool. I feel like people might in general want to be able to do that. Replicating projectb onto the VM would be one option - I think we'd not even need the data pool, as all checksums are in the files table anyway. If we need to provide a mirror to the VM, we can do that via NFS. There's a security question here somewhere about importing untrusted data from other places, but we are already ultimately trusting ftp-master so I'm not sure it actually makes a different. Kind regards Philipp Kern
