FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 04-04-2010, 11:03 AM
Robert Collins
 
Default Best practices for development workstations

On Sun, 2010-04-04 at 12:27 +0200, Petter Reinholdtsen wrote:
> [Robert Collins]
> > Wearing my squid upstream hat: please file bugs if squid is
> > misbehaving. Squid is used in many high volume high load web sites,
> > so if there are reliability bugs we really really want to know about
> > them.
>
> If you really plan to fix apt and squid related problems, it would be
> nice if #565555 was fixed.

HTTP pipelining is broken; don't use it. (Its now considered
fundamentally insecure - see the HTTP Smuggling whitepaper for all the
gory details). We're unlikely to ever invest a lot of time in it:
browsers are now going for many parallel TCP connections, and the HTTP
working group is blessing more connections as good practice. (This is vs
deep pipelining).

That said, squid handing back a truncated response is definitely a bug,
if it is indeed squid causing that (the bug doesn't have enough data to
tell - a tcpdump of a broken session would help, I suspect).

> Also, the default setup for Squid do not allow it to proxy all
> packages in the archive (the maximum_object_size is too small). In
> Debian Edu, we increased it from 20480 KB to 153600 KB, to allow the
> openartwork and fluid-soundfound packages to be proxied. In Debian
> Edu, PXE installation is set up out of the box, and to use it for
> several machines it is vital to proxy also the big packages.

Michael has created a squid-deb-proxy in Ubuntu, which should be pretty
trivial to include in Debian, that configures squid appropriately for
apt; and advertises it over avahi; squid-deb-proxy-client teaches apt to
use a zeroconf configured proxy.

-Rob
 
Old 04-05-2010, 09:40 PM
Carsten Hey
 
Default Best practices for development workstations

* John Goerzen <jgoerzen@complete.org> [2010-03-29 19:03 -0500]:
> Suggestions?

Sounds like you should consider trying vserver or similar. It consumes
less resources than "real virtualisation" but provides better networking
isolation than simple chroots.

You would need a kernel with vserver support (Debian provides some for
lenny and squeeze), util-vserver and vserver-debiantools. The commands
newvserver and vserver are sufficient to begin.


Carsten


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100405214020.GA25830@foghorn.stateful.de">http://lists.debian.org/20100405214020.GA25830@foghorn.stateful.de
 
Old 04-05-2010, 09:42 PM
Mikhail Gusarov
 
Default Best practices for development workstations

Twas brillig at 19:03:00 29.03.2010 UTC-05 when jgoerzen@complete.org did gyre and gimble:

JG> Suggestions?

LXC

--
http://fossarchy.blogspot.com/
 
Old 01-17-2011, 10:58 PM
Yaroslav Halchenko
 
Default Best practices for development workstations

Hi Manoj,

Could you please briefly outline (or may be you have it described
somewhere already) the setup of your SELinux-fortified building
environment? I am still boiling the idea of securing/monitoring build
environment, issue I have raised in "securing/monitoring Debian devel
environment" thread

thank you in advance!

On Mon, 29 Mar 2010, Manoj Srivastava wrote:
> > 2b. Xen, KVM, qemu, or VirtualBox

> I have a desktop (and a separate laptop) both running Sid. I
> have a virtual machine that runs SELinux in strict mode for package
> building on the desktop. I do not test on the build virtual machine;
> most of my testing is done on my desktop.

--
=------------------------------------------------------------------=
Keep in touch www.onerussian.com
Yaroslav Halchenko www.ohloh.net/accounts/yarikoptic


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110117235804.GA18918@onerussian.com">http://lists.debian.org/20110117235804.GA18918@onerussian.com
 

Thread Tools




All times are GMT. The time now is 08:46 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org