[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: When should we https our mirrors?

On Mon, Oct 24, 2016 at 04:00:39PM +0100, Ian Jackson wrote:
> It is also evident that there are some challenges for deploying TLS on
> a mirror network and/or CDN.  I don't think anyone is suggesting
> tearing down our existing mirror network.

https://deb.debian.org/ is now set up (thanks, folks!), so my attention
is now shifted away from the push to https all the things (not everyone
will, so I just want a stable well-used domain that could be a sensable
default, and let those who don't want to move forward stay in the past)
and on to considering the apt https transport and thoughts on how this
could become part of the base install.

I'm trying to think up some arguments for and against a few good points
before I distract this thread with more about that.


Attachment: signature.asc
Description: PGP signature

Reply to: