Re: HTTPS metadata in Mirrors.masterlist?

[Colin Watson <cjwatson@debian.org>]

On Tue, Feb 11, 2014 at 05:22:26PM +0100, Matus UHLAR - fantomas wrote:
> On 11.02.14 15:56, Colin Watson wrote:
> >All I have left to say is that the admins in question are my customers,
> 
> so, the company is not your customer, but its admins are?

Oh, whatever.  I'm not interested in this kind of word game.

> >I've already exhausted all the avenues of protest you suggest, and they
> >still tell me this is something they need.  Based on the work I've done
> >so far I don't think this is a particularly onerous thing to support in
> >d-i at least as an option, I'm prepared to do the work, and all I'm
> >asking for here is a bit of metadata in the mirror masterlist.  If the
> >latter can't be provided because we don't think Debian mirrors will
> >accept the load or whatever, that's fine, I can always make it
> >manual-only or whatever, but at this point it is easier for me to
> >support HTTPS than to argue about it. :-)
> 
> You can of course configure HTTPS on your server.

It's their server, not mine.

> MAybe you could configure HTTPS proxy for them. Finally, if they are
> your customers, it's up to you to provide the servicem isn't it?

Which is what I'm doing by doing this work in d-i!  Of course I could
just do it in Ubuntu but it seems better to have the code in Debian too;
it can always be mostly disabled by default so that only people who want
to turn it on need to care.

> Note that HTTPS clients verify the servers' certificate and multiple debian
> mirrors with different hostnames can not have the same certificate, nor it's
> sane to maintain different certificates for each hostname on each mirror ...

Well aware of that, thanks.

-- 
Colin Watson                                       [cjwatson@debian.org]