
Re: Bug#910941: apt-get changelog uses insecure HTTP for Debian



Control: clone -1 -2
Control: severity -1 wishlist
Control: reassign -2 ftp.debian.org

On Sat, Oct 13, 2018 at 05:06:37PM +0100, Ben Hutchings wrote:
> The default value of Acquire::Changelogs::URI::Origin::Debian is
> "http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog".

Note that this value is not used as long as the Release file contains
a Changelogs: field – which has the same value ATM.

So, for your local setup you will need:
Acquire::Changelogs::URI::Override::Origin::Debian "tor+http://cmgvqnxjoiqthvrc.onion/changelogs/@CHANGEPATH@_changelog";
(except, in your case, https instead of tor and a hidden service of course)

That is so that any repository can provide changelogs for its packages –
and that the URI can be changed without changing apt, which has happened
historically a few times before this mechanism was introduced ~3 years
ago.


> Since metadata.ftp-master.debian.org supports HTTP-S and redirects to
> the https: scheme, the URL should be changed to use it from the start.

I think the apt client is exempt from such an automatic redirect.
The "reason" is that apt < 1.5 has no built-in support for https and needs
apt-transport-https installed.

Changing that value now means that changelog won't work for stable users
anymore who are trying to access newer Debian releases as long as they
don't have a-t-https installed – but that might be acceptable.
On the other hand we could drop the entry in the Release file for now so
that stable uses http and we change apt/unstable to use https… decisions
decisions, but that is for ftp/dakmasters to worry about. ;)


Sadly, I haven't thought about allowing this field to be multiline to
give multiple URIs – then again, it might be for the best as that would
turn complicated fast.


Best regards

David Kalnischkies

Attachment: signature.asc
Description: PGP signature
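Added example (not part of the mail above and not apt's own code): the reply describes three places a changelog URI template can come from, in order of precedence: the local Acquire::Changelogs::URI::Override::Origin::<Origin> setting, then the Changelogs: field of the repository's Release file, then apt's built-in Acquire::Changelogs::URI::Origin::<Origin> default. The script below resolves a changelog URI that way for one package and then flags whether the chosen transport protects the download in transit, which is the point of the bug report. The Release file excerpt and apt.conf mappings are constructed for the example; the @CHANGEPATH@ layout (component/pool prefix/source/source_version, epoch dropped) and the "protected transport" heuristic (https, or tor+* to a .onion host) are assumptions, not something stated in the thread.

```python
"""Resolve which URI `apt-get changelog` would fetch, following the precedence
the reply above describes (added example, not apt's own code):

  1. Acquire::Changelogs::URI::Override::Origin::<Origin>   (local apt.conf)
  2. the Changelogs: field of the repository's Release file
  3. Acquire::Changelogs::URI::Origin::<Origin>            (apt's built-in default)

Then flag resolved URIs whose transport gives no integrity in transit.
"""
from urllib.parse import urlsplit

# Constructed apt.conf contents as a flat key -> value mapping.  The default is
# the http:// value quoted in the bug report; the override is the Tor hidden
# service suggested in the reply.
APT_CONF_DEFAULT_ONLY = {
    "Acquire::Changelogs::URI::Origin::Debian":
        "http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog",
}
APT_CONF_WITH_OVERRIDE = dict(APT_CONF_DEFAULT_ONLY, **{
    "Acquire::Changelogs::URI::Override::Origin::Debian":
        "tor+http://cmgvqnxjoiqthvrc.onion/changelogs/@CHANGEPATH@_changelog",
})

# Constructed excerpt of a Release file; only the fields used here.
RELEASE_FILE = """\
Origin: Debian
Label: Debian
Suite: stable
Codename: buster
Changelogs: http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog
Components: main contrib non-free
"""


def parse_release(text):
    """Parse the single-line 'Key: value' fields of a Release file.

    Indented continuation lines (the MD5Sum/SHA256 hash lists) are skipped;
    they play no part in the Changelogs: lookup.
    """
    fields = {}
    for line in text.splitlines():
        if not line or line[0].isspace():
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def change_path(component, source, version):
    """Build the @CHANGEPATH@ value: component/<pool prefix>/source/source_version.

    Assumptions not stated on the page: the pool prefix is the first letter of
    the source name ("lib" plus the next letter for lib* sources), and an epoch
    is dropped from the version, as in pool paths.
    """
    prefix = source[:4] if source.startswith("lib") else source[:1]
    version_no_epoch = version.split(":", 1)[-1]
    return f"{component}/{prefix}/{source}/{source}_{version_no_epoch}"


def resolve_changelog_uri(origin, release_fields, apt_conf, component, source, version):
    """Pick the template by precedence (override > Release > default) and expand it."""
    template = (
        apt_conf.get(f"Acquire::Changelogs::URI::Override::Origin::{origin}")
        or release_fields.get("Changelogs")
        or apt_conf.get(f"Acquire::Changelogs::URI::Origin::{origin}")
    )
    if template is None:
        return None
    return template.replace("@CHANGEPATH@", change_path(component, source, version))


def transport_is_protected(uri):
    """Assumed heuristic: https, or tor+<scheme> to a .onion service (the
    connection stays inside Tor end to end), protects the download.  Plain http,
    and tor+http to a clearnet host (which leaves Tor unencrypted at the exit),
    do not.
    """
    parts = urlsplit(uri)
    if parts.scheme in ("https", "tor+https"):
        return True
    if parts.scheme.startswith("tor+") and (parts.hostname or "").endswith(".onion"):
        return True
    return False


def resolve_and_check(origin, release_text, apt_conf, component, source, version):
    """Return (uri, protected) for one package."""
    uri = resolve_changelog_uri(origin, parse_release(release_text), apt_conf,
                                component, source, version)
    return uri, (uri is not None and transport_is_protected(uri))


if __name__ == "__main__":
    for label, conf in (("default only", APT_CONF_DEFAULT_ONLY),
                        ("with override", APT_CONF_WITH_OVERRIDE)):
        uri, ok = resolve_and_check("Debian", RELEASE_FILE, conf, "main", "apt", "1.7.0")
        print(f"{label:14s} {'protected' if ok else 'PLAINTEXT'}  {uri}")
```

Run it and the first line shows the http:// URI that the Release file's Changelogs: field selects (apt's default never being consulted, as the reply says), while the second shows the override winning over both. The scheme check is the part worth keeping in a local audit: with only the Release field in play, a stable client fetches the changelog in plaintext regardless of what the default in apt itself is set to.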

