Re: Q: Use https for {deb,security}.debian.org by default

To: debian-devel@lists.debian.org
Subject: Re: Q: Use https for {deb,security}.debian.org by default
From: Simon Richter <sjr@debian.org>
Date: Sat, 21 Aug 2021 12:31:26 +0200
Message-id: <[🔎] 46efe0d9-c98b-d5d2-92a3-b3e1fd597f8c@debian.org>
In-reply-to: <[🔎] YSC8AKP6UQjYPXIp@pc181009.grep.be>
References: <[🔎] 20210819223820.fb4a3f7ab23da92a685fe4ce@iijmio-mail.jp> <[🔎] 5790d751-dda8-fab6-601d-ebd8e30433c5@hogyros.de> <[🔎] bb4cdd0c-5490-90b1-1035-53bb42ac4ead@kitware.com> <[🔎] 20210819221132.svidlgyghjfz7qjb@yuggoth.org> <[🔎] 87bl5sh2za.fsf@miraculix.mork.no> <[🔎] 20210820141703.xq3qmqaltoknox7d@yuggoth.org> <[🔎] 87h7fkkvvi.fsf@hope.eyrie.org> <[🔎] edc2d127-e363-8335-cc05-8f8487d63725@hogyros.de> <[🔎] 8735r4kkf1.fsf@hope.eyrie.org> <[🔎] 20210820192022.l4zsyvrau2homxdr@yuggoth.org> <[🔎] YSC8AKP6UQjYPXIp@pc181009.grep.be>

Hi,

On 21.08.21 10:40, Wouter Verhelst wrote:

I've been thinking for a while that we should bake a feature in apt
whereby a network administrator can indicate somehow that there is a
local apt mirror and that apt should use that one in preference to
deb.debian.org.

I've been thinking the same thing, but that would negate the remainingsecurity benefit of using https, that's why I expressed a preference formaking it visible that the connection is not encrypted and security isonly provided by the signatures over pretending it is and then(silently?) allowing a proxy to intercept the connection.


   Simon

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: "Andrew M.A. Cater" <amacater@einval.com>

References:
- Q: Use https for {deb,security}.debian.org by default
  - From: Hideki Yamane <henrich@iijmio-mail.jp>
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: Simon Richter <sjr@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: Kyle Edwards <kyle.edwards@kitware.com>
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: Bjørn Mork <bjorn@mork.no>
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: Russ Allbery <rra@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: Simon Richter <sjr@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: Russ Allbery <rra@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Q: Use https for {deb,security}.debian.org by default
  - From: Wouter Verhelst <wouter@debian.org>

Prev by Date: Re: inconsistent mailgraph settings
Next by Date: Re: Q: Use https for {deb,security}.debian.org by default
Previous by thread: Re: Q: Use https for {deb,security}.debian.org by default
Next by thread: Re: Q: Use https for {deb,security}.debian.org by default
Index(es):
- Date
- Thread