Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
Hi,
On Wed, 01 Sep 2021 07:46:07 -0700
Russ Allbery <rra@debian.org> wrote:
> >> I believe that the discussion has later identified that doing so would
> >> break squid-deb-proxy-client and auto-apt-proxy. Given that the
> >> security benefits are not strong (beyond embracing good habits), I
> >> think the reasonable thing to do is keep preferring http.
>
> > That is an opt-in choice which likely only a small number of users use.
> > People wanting to use a caching proxy can just switch to http as part of
> > this choice; it doesn't seem a good reason to not use https by default
> > for all other users.
>
> Completely agreed.
Providing a "default secure setting" is a good message to users.
Some users want a proxy, but they can configure their settings.
So just changing the "default setting for {deb,security}.debian.org"
is not so harmful, IMO.
- Users can choose a mirror other than https://deb.debian.org
- Caching .debs from security.debian.org is not so huge, I guess
(maybe except linux-image).
--
Hideki Yamane <henrich@iijmio-mail.jp>