Features Download
From: =?iso-8859-1?Q?Ingo_J=FCrgensmann?= <ij <at> 2013.bluespice.org>
Subject: Re: Possibly moving Debian services to a CDN
Newsgroups: gmane.linux.debian.devel.project
Date: Sunday 13th October 2013 11:53:16 UTC (over 3 years ago)
Am 13.10.2013 um 08:44 schrieb Tollef Fog Heen :

> The System Administration Team (DSA) are considering moving some of the
> static hosting that Debian currently provides from our infrastructure to
> one or more CDNs. We have received feedback indicating that a broader
> discussion is desired.
> [...]
> We appreciate feedback while we continue our investigation of CDNs.

Although I understand that there will be some benefits of using a CDN, I
see some issues as well: 

1) Privacy concerns: Debian would deliver much more data to business
companies than necessary. Keep in mind that personalized data is one of the
most valuable things to data miners. Currently I choose one mirror site to
pull my packages from. I can freely choose that mirror on basis of
location, bandwidth, personal likes or, let's say, privacy reasons because
I know that this specific mirror doesn't log my IPs. 
When using a CDN, at least in that way I understood your proposal, I'm not
free to choose anymore. The company running that CDN will obtain all of
data like how many machines are behind a subnet or IP, what kind of
machines (intel, sparc, powerpc, m68k, ...) and might know if I forget to
update a machine (security). 

2) Integrity concerns: although Debian uses signed package lists and hashed
packages, using a CDN would raise the chances that there might be attack
vectors by manipulating the traffic. Maybe not be the will of the running
company, but there are other groups that might have interest and the power
to intercept traffic and manipulating it. This is, of course, also true to
current mirror sites, but a centralized CDN will be more convenient to such
kind of attackers.

3) Surveillance concerns: together with 1) and 2) goes this one... Using a
CDN would make it easier to secret services to collect data, because they
have a single point where they can get all wanted data from instead of
monitoring several providers and connections. 

4) Dependency concerns: as a project Debian should be as independent as
possible. Using a CDN provider will create a big dependency to a specific
company, although we might be able to shift companies from time to time.
Using multiple CDN providers will mitigate that concern a little bit, but
only to a certain degree. Having too many CDN providers will be as
difficult to handle as now the many FTP mirror donators. So, there's some
trade-off anyway. 

So, after all my strongest concerns are 1), 2) and 3), of course. I'm not a
big fan of centralized solutions, but more a great friend of de-centralised
ones. Having monocultures is always a bad thing and using large CDNs is
driving that kind of monoculture. Diversity is enrichment and should be
chosen whenever possible. 

Ciao...            //      Fon: 0381-2744150
      Ingo       \X/       http://blog.windfluechter.net

gpg pubkey:  http://www.juergensmann.de/ij_public_key.asc
CD: 3ms