On Tue, Feb 3, 2015 at 7:38 AM, Karanbir Singh mail-lists@karan.org wrote:
Hi,
At the end of the Dojo in Brussels, I had the chance to field the question to our contributor audience: how can we get security updates out to the user machines faster?
At the moment, things are set up like any other distro or large open source content network is: we rsync in stages, and external mirrors pick up every 4 to 6 hours, some external mirrors pick up from other external mirrors. Net result is that for a given update, it can be up to 16 to 18 hours before we get a majority content sync in front of most users.
Why don't you combine two concepts here? Delegate a separate set of 'security-only' update repositories that are fast, high-capacity sites. Put only the critical updates there, along with any dependencies needed for yum to complete the update. Let someone with access to that data that you can't republish decide which updates are security related.
Not only does this reduce the needed fan-out, but it provides a much better case for leaving auto-updates enabled on that repository or at least scheduling an update at the first possible chance since it would introduce fewer arbitrary and unnecessary changes.