Bug#79002: Old problem still strikes....
Well, adding a note as I just faced the problem (in this case,
admin of xapian repositories at www.xapian.org/repo/path
reconfigured the system and started to redirect
to xapian.org/repo/path, buuuuum).
a) The opinion that 'doing redirects is extremly risky' is simply
false. In case mirror admin is hostile, he or she can directly
provide hostile content or proxy it instead of redirecting.
b) HTTP redirects are fairly standard and frequently used, and
website admins tend to believe they can transparently use them.
Debian official mirrors admins probably know about the problem,
but people who are publishing small repositories for dedicated
packages may need to use them or just does not know about the
problem.
c) There may be cases when HTTP redirects would reduce traffic,
if the same file is reused in multiple
distributions/architectures, redirecting (instead of server-side
symlinking) would reuse cache on in-between proxies...
Reply to: