On Sun, 2010-04-04 at 12:27 +0200, Petter Reinholdtsen wrote: > [Robert Collins] > > Wearing my squid upstream hat: please file bugs if squid is > > misbehaving. Squid is used in many high volume high load web sites, > > so if there are reliability bugs we really really want to know about > > them. > > If you really plan to fix apt and squid related problems, it would be > nice if #565555 was fixed. HTTP pipelining is broken; don't use it. (Its now considered fundamentally insecure - see the HTTP Smuggling whitepaper for all the gory details). We're unlikely to ever invest a lot of time in it: browsers are now going for many parallel TCP connections, and the HTTP working group is blessing more connections as good practice. (This is vs deep pipelining). That said, squid handing back a truncated response is definitely a bug, if it is indeed squid causing that (the bug doesn't have enough data to tell - a tcpdump of a broken session would help, I suspect). > Also, the default setup for Squid do not allow it to proxy all > packages in the archive (the maximum_object_size is too small). In > Debian Edu, we increased it from 20480 KB to 153600 KB, to allow the > openartwork and fluid-soundfound packages to be proxied. In Debian > Edu, PXE installation is set up out of the box, and to use it for > several machines it is vital to proxy also the big packages. :) Michael has created a squid-deb-proxy in Ubuntu, which should be pretty trivial to include in Debian, that configures squid appropriately for apt; and advertises it over avahi; squid-deb-proxy-client teaches apt to use a zeroconf configured proxy. -Rob
Attachment:
signature.asc
Description: This is a digitally signed message part