Bug#842040: Please add https support
On 20.11.2016 11:45, Cyril Brulebois wrote:
>> But you are absolutely correct in for this to be universally useful,
>> we'd also need a ca-certificates-udeb. I can take a look at that but I
>> somewhat fear that it won't be that much smaller than the regular one
>> (maybe ~150k udeb size).
>
> If you're going to need another cpio archive with PEM files, can't you
> just add the needed bits (wget & libraries) for https there?
>
> Adding packages for every single image just so that Google people can
> append a cpio archive with some CAs doesn't look too reasonable to me:
> you need to do extra work on your end anyway, and everybody pays that
> price without getting any advantage…
Well, I said why adding wget plus somehow determining the required
libraries is harder than just adding some static content.[1] We also
wouldn't need to do the PEM cpio dance if ca-certificates-udeb would be
part of the image. We don't need to add an internal CA or something like
that.
I understand the bit about paying the price, which is why I tried to
address that in my reply as well. Recent discussions on -devel showed
that there's a general interest in HTTPS enablement.
Kind regards
Philipp Kern
[1] Unless we rebuild d-i, which we could do.
Reply to: