[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: doughnuts on a fish hook

Magnus wrote:
> On Tuesday, August 26, 2003, at 07:17 PM, Jay Turner wrote:
>     Actually, following up on my own post, I need to clarify
>     something.  The license for RHEL 2.1 states that if you have
>     support (which includes RHN) for one install, then you will have
>     it for all installations. So, in that case, if you are in
>     compliance, then all of your installations would have RHN
>     support and there would be no need to download the errata from
>     RHN then push it out to other machines. Sorry for the confusion.
> Well, there *is* a need actually.
> Let's say Joe has 50 RHEL servers, all pretty much identical, and
> properly licensed. There is a flurry of security activity one week
> and it takes about 50MB of new packages to patch one system. That's
> not much of a reach.  Each of the 50 servers downloads 50MB of
> packages through https (i.e. not cached anywhere) over Joe's single
> business class DSL connection. 2500MB of downloads, split up across
> 50 clients, all hitting a DSL connection at once (not to mention the
> RHN servers). This is lunacy.

Better than Daniel's recent suggestion, IMHO is the useNoSSLForPackages
option.  Point all of your servers at the same squid proxy, turn on the
use no SSL option, and all is well.

On that note, there's no good reason for packages to be downloaded via
SSL, since they're all GPG signed anyway.  Can we have
useNoSSLForPackages=1 made the default in the next version of RHL?

Attachment: pgp00024.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]