Re: When should we https our mirrors?

To: Debian Devel <debian-devel@lists.debian.org>
Subject: Re: When should we https our mirrors?
From: Paul Tagliamonte <paultag@debian.org>
Date: Mon, 17 Oct 2016 12:13:28 -0400
Message-id: <[🔎] CAO6P2QRWx3SWjbcGV+H0FQ1wVcEDbRG=E9Udu5JSjxMt0Ae3xA@mail.gmail.com>
In-reply-to: <[🔎] CAKTje6EFTqxm9Zy5vX5Cu3teL+1g4iKfnUxzFRy_chSJ8DsZfg@mail.gmail.com>
References: <[🔎] 20161015180336.GA19899@cassiel.pault.ag> <[🔎] CAKTje6EFTqxm9Zy5vX5Cu3teL+1g4iKfnUxzFRy_chSJ8DsZfg@mail.gmail.com>

On Sun, Oct 16, 2016 at 09:11:42AM +0800, Paul Wise wrote:
> Exactly what actions do you mean by this?
>
> Debian does not control what mirror operators do, they are free to add
> https or not. Some do but most don't.

We do control the CDN. We can also start to move systems with a new apt
to a HTTP redirect-based mirror network using HTTPS only. This could
become the default, and new mirrors can add themselves when they're
ready, and as stable ages out, so does our use of HTTP. Or whatever.

> httpredir.d.o is not well maintained, but it could theoretically
> support https if someone cared about it.
>
> deb.d.o is backed by two commercial CDNs, see Tollef's mail about that.

Sounds like a great starting point :)

Cheers,
  Paul

Reply to:

References:
- When should we https our mirrors?
  - From: Paul Tagliamonte <paultag@debian.org>
- Re: When should we https our mirrors?
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Bug#841091: ITP: node-get-value -- Use property paths to get a nested value from an object
Next by Date: Re: Is missing SysV-init support a bug?
Previous by thread: Re: When should we https our mirrors?
Next by thread: Re: When should we https our mirrors?
Index(es):
- Date
- Thread