
Re: apt not supporting 301 responses?

Stephen Zander wrote:
> Package: apt
> Version: 0.5.4
> Severity: important
> Recently, ftp.kernel.org moved their mirror of Debian to a new
> machine, mirrors.kernel.org.  They did the right thing and respond
> with a status of 301 (permanently moved) when you request any url
> under http://ftp.kernel.org/debian (or http://www.kernel.org/debian).
> The problem is that apt doesn't handle 301 status and complains that
> it can't find the necessary Package files.  Obviously, I can edit
> sources.list to point to the new location but I'm rather surprised
> that apt is not performing the second request in response to the 301
> status.

Does apt give a sane error message that would help track down the 
problem, or does it generically complain it can't find the files?  
If it gave an error message with the reply from the server I'd say 
leave it alone.  One NEEDS to get the urls updated in the 
configuration file.  What happens after a while when the original 
server with the redirects goes away?  Then the user has no idea 
where the packages went.  I don't think it should follow the 
redirects.  It should inform the user of the redirects and let the 
user update the configuration file.  If you want it to follow the 
redirects it should notify the user and ask permission to do so.  
It should not blindly follow them.  

This issue also delves into security related issues quite quickly 
as one could modify the config file on a server and have it 
redirect to another server to distribute trojaned code.  I don't 
feel the following of redirects can be silent even if it is on the 
same server.

|  Bryan Andersen   |   bryan@visi.com   |   http://www.nerdvest.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |
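
The policy argued for in the reply above (report the redirect instead of silently following it, and flag when it leaves the configured host), as an added Python sketch that is not part of the original thread and not apt's code. The names `RedirectRefused`, `describe_redirect`, `ReportingRedirectHandler` and `fetch` are hypothetical; only the two kernel.org host names come from the report.

```python
import urllib.request
from urllib.parse import urljoin, urlsplit


class RedirectRefused(Exception):
    """Raised in place of silently following an HTTP redirect."""

    def __init__(self, code, old_url, new_url, cross_host):
        self.code, self.old_url, self.new_url = code, old_url, new_url
        self.cross_host = cross_host
        where = "a DIFFERENT host" if cross_host else "the same host"
        super().__init__(
            f"{old_url} answered {code} pointing to {new_url} ({where}). "
            "Verify the new location before updating sources.list."
        )


def describe_redirect(old_url, location):
    """Resolve a Location header against the request URL.

    Returns (absolute_new_url, cross_host); cross_host is True when the
    redirect leaves the host named in the configuration.
    """
    new_url = urljoin(old_url, location)  # Location may be relative
    old_host = (urlsplit(old_url).hostname or "").lower()
    new_host = (urlsplit(new_url).hostname or "").lower()
    return new_url, old_host != new_host


class ReportingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Refuse every 3xx and surface where the server pointed us."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new_url, cross_host = describe_redirect(req.full_url, newurl)
        raise RedirectRefused(code, req.full_url, new_url, cross_host)


def fetch(url):
    """Fetch url; a redirect raises RedirectRefused instead of being followed."""
    opener = urllib.request.build_opener(ReportingRedirectHandler)
    with opener.open(url, timeout=10) as resp:
        return resp.read()
```

A caller catches `RedirectRefused`, shows the message to the user, and treats `cross_host` as the case that needs explicit confirmation.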
