[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: APT do not work with Squid as a proxy because of pipelining default

On Wed, May 19, 2010 at 10:42:55AM +0200, Bjørn Mork wrote:

> 2) http proxy servers cannot always process pipelined requests due to
>    the complexity this adds (complexity is always bad for security), and

This is bullshit. It's *VERY* easy to "support" pipelining: parse one
request at a time, and until you're done with a given request, you just
stop to watch the socket/file-descriptor for reading (IOW you let the
consecutive request live in the kernel buffers).

Such an implementation of course doesn't benefit from the pipelining
wins, but it works just fine.

In addition to that, multiplying the tcp connections means more file
descriptors to be used at the http-server side, which is way inferior to

If squid fails when apt uses pipelining then squid is to be fixed.

I'd say that mentioning in the README.Debian of apt that disabling the
pipelining may help is fine, but disabling it by default is wrong.
Pipelining is defined in the RFC since the nineties ffs...

·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

Reply to: