On Sat, Jul 24, 2021 at 01:07:24AM -0400, Polyna-Maude Racicot-Summerside wrote: > Hi ! > How would you copy the debian security update repository ? > I know it's not recommended. > But I'd like to do so. > -- > Polyna-Maude R.-Summerside > -Be smart, Be wise, Support opensource development >
In general, this is a very bad idea because - and only because - you don't want the possibility of machines getting incorrect / out of date fixes. Security-critical things are security-critical - trying to maintain one canonical source of truth where uploads are moderated and from a known source is hard. Forcing people to go to the one source solves that problem in one sense (and may also lessen the risk of some Evil Hacker maintaining a security repository stuffed with malware and spoofing). [Having said all that: I've a feeling that security.d.o is actually a set of servers to serve Europe/Asia/N. America behind the content delivery network.] If you really, really, really want to do it properly: I'd suggest approaching the people in charge of security.d.o, having a conversation about exactly what you want to do, why and for how many people. You'd probably need to assure tham that your mirror will be relatively secure from attack - so their machines are not at risk - and then arrange for some form of push mirroring, so that they push updates to you at their convenience. This means that they will need the ability to have an account on your machine sufficiently to use ssh and forced commands to push the updates. Debian mirrors in general are updated about four times a day and it's asynchronous. Pushed updates mean that everyone gets a drip feed of updates whenever they're published. This is how several of us currently run private mirrors for the main Debian distribution. Unless you are a bank / government agency / pharmaceutical company that keeps all critical systems airgapped and entirely isolated from the Internet, maintaining a separate security mirror may be more trouble than it's worth in my opinion. All the very best, as ever, Andy Cater
