DebConf24 - Leveraging Deterministic Updates to Improve the Customer Experience on Debian
Speakers: Maulik Shah & Noah Meyerhans & Koshy John
Track: Security
Type: Long talk (45 minutes)
Room: Bada
Time: Jul 29 (Mon): 14:30
Duration: 0:45
Every change to a production system carries risk, and this risk is magnified when applications are distributed across hundreds or thousands of hosts. Security updates to Debian are published on an as-needed basis with no ability to predict in advance what package will change at any given moment, which means that an update from the repositories is nondeterministic over time. The apt update/apt upgrade operation performed today may behave differently from the one performed yesterday.
In this talk we present a deterministic update strategy based on snapshot support introduced with apt 2.7.0. Using apt snapshots, administrators can lock their systems to a specific point-in-time view of the Debian package repositories backed by snapshot.debian.org. This approach provides repeatable and deterministic update behavior with a number of safety benefits that the administrator can incorporate into their infrastructure testing and deployment strategy in a variety of ways:
Pre-production testing that reflects what’s subsequently going to be deployed to production
The ability to execute phased updates following a ring-based deployment pattern
Building on this foundation, Microsoft has added support for Debian within Microsoft Azure Guest Patching Service. We describe this service and how it can be used to safely and reliably manage fleets of any size within the Microsoft Azure cloud computing environment; while providing the capabilities listed above.
Azure’s Safe Deployment Principles monitor the rollout of an update on VMs. Azure pauses a rollout and pushes a new update if a regression is detected on a VM. The same safety mechanism will be in place with Debian Snapshots.
By pinning an update for a customer’s fleet across regions, Azure is simplifying the way customers keep their assets secure through Debian Snapshots.
etherpad
https://pad.dc24.debconf.org/p/131-leveraging-deterministic-updates-to-improve-t
-
LIVE
TruthStream with Joe and Scott
5 days agoSovereign Codes & Cosmic Infrastructure,Ufo's, UAP's, Monads, Matrix Satellites, Interstellar Visitors, SYRONA #505
173 watching -
LIVE
Lofi Girl
2 years agoSynthwave Radio 🌌 - beats to chill/game to
155 watching -
5:55:11
MattMorseTV
8 hours ago $71.54 earned🔴Trump's '60 Minutes' INTERVIEW + MUCH MORE.🔴
127K37 -
2:02:36
Badlands Media
13 hours agoBaseless Conspiracies Ep. 157: Jack the Ripper, the Crash & the Great Disclosure Countdown
25.3K17 -
2:06:09
Inverted World Live
9 hours agoMysterious Crash at Area 51 | Ep. 134
24.4K12 -
2:48:59
TimcastIRL
7 hours agoTrump Endorses Cuomo, Says NO COMMIE MAMDANI, Obama REFUSES To Endorse Mamdani | Timcast IRL
260K168 -
5:51:16
Drew Hernandez
1 day agoGOP CIVIL WAR: TUCKER CARLSON DERANGEMENT SYNDROME AT ALL TIME HIGH
46.5K40 -
14:44
Sponsored By Jesus Podcast
1 day agoYou Can't Serve God & MONEY | Is Money the Root of All Evil?
19.9K20 -
2:47:28
Barry Cunningham
11 hours agoYOU'VE BEEN MISINFORMED! GREED IS ACTUALLY GOOD! ESPECIALLY NOW! (AND MORE NEWS)
96.1K41 -
7:18:24
SpartakusLIVE
10 hours agoSNIPING in Battlefield 6 - REDSEC || Monday MOTIVATION to CONQUER the Week
54K6