Re: Version for a returning package

To: debian-devel@lists.debian.org
Subject: Re: Version for a returning package
From: David Kalnischkies <kalnischkies@gmail.com>
Date: Mon, 14 May 2012 13:50:11 +0200
Message-id: <[🔎] CAAZ6_fBcet2dhYWPoM91WiEvvHnMT+pJums+7Fj84BO46fSYaw@mail.gmail.com>
In-reply-to: <[🔎] 20120514103630.GM7068@jones.dk>
References: <[🔎] 20120513091613.GA21935@glandium.org> <[🔎] 20120513094932.GH10472@type> <[🔎] 20120513102803.GF7068@jones.dk> <[🔎] 201205131051.09830.Chris.Knadle@coredump.us> <[🔎] 20120513174113.GH7068@jones.dk> <[🔎] CAAZ6_fBPMjr3JDYNgtJVRhvQvHn9nDTVaroMmDa1vH3xvsoHdw@mail.gmail.com> <[🔎] 20120514103630.GM7068@jones.dk>

On Mon, May 14, 2012 at 12:36 PM, Jonas Smedegaard <dr@jones.dk> wrote:
> On 12-05-14 at 09:51am, David Kalnischkies wrote:
>> On Sun, May 13, 2012 at 7:41 PM, Jonas Smedegaard <dr@jones.dk> wrote:
>> > Not yet switched but renewed the old name, advertising new site one
>> > only in words - not technically with 301 redirection (yes,
>> > unsupported by APT but could be put on e.g. front page)
>>
>> The APT http method support redirects since 14. Apr 2009 (aka 0.7.21)
>> which means stable (squeeze) supports it.
>>
>> Everyone who likes that should be thanking Jeff Licquia and Anthony
>> Towns, everyone who doesn't has to set Acquire::http::AllowRedirect to
>> false.
>
> Cool!
>
> Sorry that I kept alive obsolete info.
>
> Might be worth the try to pass on that knowledge to the owner of that
> unofficial multimedia repository, in case there was genuine interest in
> speeding up the move away from confusing hostname.

Might be, that my response was a bit ill-worded:
It doesn't help in this case, as a user still has to manually edit his
sources.list (i guess at some point the redirect will disappear).

APT really only supports the redirect, not something like rewriting
the sources.list automatically to satisfy the permanent redirect,
simply because editing these files is usually not a good idea in
general and editing it just because of a 301 response which could
possibly come from a man-in-the-middle is not just not a good idea
but an enormous security problem (redirects in general for some
definition of problem, hence the AllowRedirect setting).

So this response was just to tackle the common myth that redirects
are not supported even through services like http.debian.net
disprove that every day. Not that you can come around the need
for wordy advertisement of this transition with a technical trick.

What is usually done is uploading the most-used package (e.g. the keyring)
with a debconf message about the transition. I have seen packages
doing the flip automatically, which usually ends in a disaster as soon
as your users use a mirror or a proxy setup, so i would strongly advice
against that (and only mention it so i can advice against it).

Best regards

David Kalnischkies

Reply to:

References:
- Version for a returning package
  - From: Mike Hommey <mh@glandium.org>
- Re: Version for a returning package
  - From: Samuel Thibault <sthibault@debian.org>
- Re: Version for a returning package
  - From: Jonas Smedegaard <dr@jones.dk>
- Re: Version for a returning package
  - From: Chris Knadle <Chris.Knadle@coredump.us>
- Re: Version for a returning package
  - From: Jonas Smedegaard <dr@jones.dk>
- Re: Version for a returning package
  - From: David Kalnischkies <kalnischkies@gmail.com>
- Re: Version for a returning package
  - From: Jonas Smedegaard <dr@jones.dk>

Prev by Date: Re: Wheezy release: CDs are not big enough any more...
Next by Date: Re: Wheezy release: CDs are not big enough any more...
Previous by thread: Re: Version for a returning package
Next by thread: Re: Version for a returning package
Index(es):
- Date
- Thread