Re: Debian derivatives census: https for apt repositories

To: Paul Wise <pabs@debian.org>, debian-derivatives <debian-derivatives@lists.debian.org>
Subject: Re: Debian derivatives census: https for apt repositories
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed, 18 May 2016 15:48:26 +0000
Message-id: <[🔎] 573C8ECA.4020601@riseup.net>
In-reply-to: <[🔎] 1463469882.18985.20.camel@debian.org>
References: <[🔎] 1463469882.18985.20.camel@debian.org>

Paul Wise:
> Thanks to the Whonix folks for redirecting to https, which meant that I
> noticed the census didn't support that and then fixed it.

:)

FYI: We are using HSTS and your browser honors it and redirects you, I
guess. We however are not forcing/redirecting http to https for our apt
repository on the server level.

This means, apt-get is still free to download over http-only. This is
even still the default for Whonix 13. We decided its not worth to go for
https if the Debian repositories [normal and security] are unavailable
over https.

We might be changing by default to .onion repositories in future:

https://phabricator.whonix.org/T399

Cheers,
Patrick

Reply to:

Follow-Ups:
- Re: Debian derivatives census: https for apt repositories
  - From: Paul Wise <pabs@debian.org>

References:
- Debian derivatives census: https for apt repositories
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Debian derivatives census: Tucunaré: website broken
Next by Date: Re: Debian derivatives census: https for apt repositories
Previous by thread: Debian derivatives census: https for apt repositories
Next by thread: Re: Debian derivatives census: https for apt repositories
Index(es):
- Date
- Thread