Re: Q: Use https for {deb,security}.debian.org by default
On Fri, Aug 20, 2021 at 07:20:22PM +0000, Jeremy Stanley wrote:
> Yes transparent proxies or overridden DNS lookups could be used to
> direct deb.debian.org and security.debian.org to your alternative
> location,
I've been thinking for a while that we should bake a feature in apt
whereby a network administrator can indicate somehow that there is a
local apt mirror and that apt should use that one in preference to
deb.debian.org.
This could be useful for both the "I've got a slow uplink and would like
it to not be overwhelmed at the BSP I'm hosting for my Debian friends"
type as well as the "I'm an ISP and I want to provide a mirror to Debian
users so we can reduce our uplink connection a bit" type of situations.
However, I've not been able to come up with a scheme which is simple
enough to be doable on a LAN while at the same time be usable by larger
network providers, *and* which can't also be abused by MitM attackers.
Perhaps it's just not something we would be able to do?
--
w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}
Reply to:
- References:
- Q: Use https for {deb,security}.debian.org by default
- From: Hideki Yamane <henrich@iijmio-mail.jp>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Simon Richter <sjr@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Kyle Edwards <kyle.edwards@kitware.com>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Bjørn Mork <bjorn@mork.no>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Russ Allbery <rra@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Simon Richter <sjr@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Russ Allbery <rra@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Jeremy Stanley <fungi@yuggoth.org>