Re: When should we https our mirrors?

To: debian-devel@lists.debian.org
Subject: Re: When should we https our mirrors?
From: Tollef Fog Heen <tfheen@err.no>
Date: Mon, 24 Oct 2016 19:26:37 +0200
Message-id: <[🔎] 877f8x3bg2.fsf@xoog.err.no>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20161024155100.GA12075@cassiel.pault.ag> (Paul Tagliamonte's message of "Mon, 24 Oct 2016 11:51:00 -0400")
References: <[🔎] CAPgP4gxcptXTNcEFb5Jf+SkAYPWSuXwRVAoiqmABG_+gDCdGYw@mail.gmail.com> <[🔎] 20161024085921.rirykzuqhzopvhyo@bunk.spdns.de> <[🔎] CAPgP4gwDQEiFdzd4VHEoLSvX7vOOTGmAjQ5QF-=5FCxhW1sAJw@mail.gmail.com> <[🔎] 20161024120822.mwbkanqfxijpfhk4@bunk.spdns.de> <[🔎] 22542.8727.163092.378727@chiark.greenend.org.uk> <[🔎] 20161024155100.GA12075@cassiel.pault.ag>

]] Paul Tagliamonte 

> On Mon, Oct 24, 2016 at 04:00:39PM +0100, Ian Jackson wrote:
> > It is also evident that there are some challenges for deploying TLS on
> > a mirror network and/or CDN.  I don't think anyone is suggesting
> > tearing down our existing mirror network.
> 
> https://deb.debian.org/ is now set up (thanks, folks!), so my attention
> is now shifted away from the push to https all the things (not everyone
> will, so I just want a stable well-used domain that could be a sensable
> default, and let those who don't want to move forward stay in the past)
> and on to considering the apt https transport and thoughts on how this
> could become part of the base install.

Note that the performance of HTTPS there is worse than for HTTP due to a
lack of SRV support in apt-transport-https, though, which means it falls
back to doing HTTP redirects.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Reply to:

Follow-Ups:
- Re: When should we https our mirrors?
  - From: David Kalnischkies <david@kalnischkies.de>

References:
- Re: When should we https our mirrors?
  - From: Kristian Erik Hermansen <kristian.hermansen@gmail.com>
- Re: When should we https our mirrors?
  - From: Adrian Bunk <bunk@stusta.de>
- Re: When should we https our mirrors?
  - From: Kristian Erik Hermansen <kristian.hermansen@gmail.com>
- Re: When should we https our mirrors?
  - From: Adrian Bunk <bunk@stusta.de>
- Re: When should we https our mirrors?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: When should we https our mirrors?
  - From: Paul Tagliamonte <paultag@debian.org>

Prev by Date: Re: awesome, it's done! (Re: When should we https our mirrors?)
Next by Date: Re: Bug#841851: ITP: bind-key -- simple way to manage personal keybindings
Previous by thread: Re: awesome, it's done! (Re: When should we https our mirrors?)
Next by thread: Re: When should we https our mirrors?
Index(es):
- Date
- Thread