Hi there, As part of Electron[1], we're investigating using snapshots.debian.org to build reproducible sysroot bundles in CI for similar reasons to Mozilla. I'm also interested in working with Chromium to upstream those changes, so that all embedders of Chromium can build reproducible custom sysroot snapshots. However, being unable to access snapshot.debian.org from AWS is blocking this endeavour.
I'd be happy to work with the maintainers to find a solution that works for our use case (which is to download ~350 packages for each of 6 platforms whenever we build a sysroot image, which is once every 2-3 months or so) and doesn't put a significant strain on snapshot.debian.org resources. iptables connlimit has already been suggested—I'm far from familiar with iptables and even less familiar with Debian's setup, but perhaps something like the attached patch could be a starting point? I used the rules in [2] as inspiration. [1]: https://electronjs.org [2]: https://salsa.debian.org/dsa-team/mirror/dsa-puppet/blob/master/modules/apache2/manifests/dynamic.pp
snapshot_ratelimiting.patch
Description: Binary data
