Re: When should we https our mirrors?
]] Paul Tagliamonte
> On Mon, Oct 24, 2016 at 04:00:39PM +0100, Ian Jackson wrote:
> > It is also evident that there are some challenges for deploying TLS on
> > a mirror network and/or CDN. I don't think anyone is suggesting
> > tearing down our existing mirror network.
> https://deb.debian.org/ is now set up (thanks, folks!), so my attention
> is now shifted away from the push to https all the things (not everyone
> will, so I just want a stable well-used domain that could be a sensable
> default, and let those who don't want to move forward stay in the past)
> and on to considering the apt https transport and thoughts on how this
> could become part of the base install.
Note that the performance of HTTPS there is worse than for HTTP due to a
lack of SRV support in apt-transport-https, though, which means it falls
back to doing HTTP redirects.
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are