[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: APT do not work with Squid as a proxy because of pipelining default

Petter Reinholdtsen <pere@hungry.com> writes:
> [Roger Lynn]
>> But apt has been using pipelining for years. Why has this only just
>> become a problem?
> It has been a problem in Debian Edu for years.  Just recently I
> figured out the cause and a workaround.

And FWIW I have experienced this problem for years too, but never
figured out why until this discussion came up.  And I do want to claim
more than common user knowledge of http proxy servers.  Still, it never
occured to me that my spurious apt problems could be caused by proxies.
And no, it's not just squid - I've been seeing the exact same at work
where the office network have some intercepting proxy solution from

Anyway, this is definitely the type of problem that can and do exist for
years without that necessarily causing a massive number of bug reports
against apt.  I still do not think that is an argument against fixing

Can we please agree that in the real world
1) RFC1123 beats any other standard: "Be liberal in what you accept, and
   conservative in what you send", and
2) http proxy servers cannot always process pipelined requests due to
   the complexity this adds (complexity is always bad for security), and
3) http clients cannot know whether their requests are proxied

The sum of these three points is that a http client should never send
pipelined requests.  


Reply to: