Bug#992692: general: Use https for {deb,security}.debian.org by default

To: Simon Richter <sjr@debian.org>, 992692@bugs.debian.org
Cc: 992692@bugs.debian.org
Subject: Bug#992692: general: Use https for {deb,security}.debian.org by default
From: Hideki Yamane <henrich@iijmio-mail.jp>
Date: Sun, 5 Sep 2021 05:12:46 +0900
Message-id: <[🔎] 20210905051246.97bd855594d009bb81757f36@iijmio-mail.jp>
Reply-to: Hideki Yamane <henrich@iijmio-mail.jp>, 992692@bugs.debian.org
In-reply-to: <[🔎] d6217ac5-2e80-469b-e8fd-082c7bd23f0f@debian.org>
References: <162963701727.2536441.3655242380753523899.reportbug@tiny> <[🔎] YS9EywR3MQKlBn47@alf.mars> <[🔎] 3be2fcffdc1187466bd56e19e61a405a51e6e936.camel@43-1.org> <[🔎] 87r1e82w28.fsf@hope.eyrie.org> <[🔎] 20210902102215.f99248e0ff859b8cc478128b@iijmio-mail.jp> <162963701727.2536441.3655242380753523899.reportbug@tiny> <[🔎] d6217ac5-2e80-469b-e8fd-082c7bd23f0f@debian.org> <162963701727.2536441.3655242380753523899.reportbug@tiny>

On Thu, 2 Sep 2021 21:26:11 +0200
Simon Richter <sjr@debian.org> wrote:
> The TLS layer is not part of the security model, so we'd be teaching 
> users to look for the wrong thing, kind of like the "encrypted with SSL" 
> badges on web pages in the 90ies.

 Is there any strong reason to use HTTP than HTTPS now?
 Should we teach all our users (including non-tech) about "Secure APT"
 mechanism?

 And I said about only deb.debian.org and security.debian.org, and
 just "default" - it means it does provide http access too.

-- 
Regards,

 Hideki Yamane     henrich @ debian.org/iijmio-mail.jp

Reply to:

Follow-Ups:
- Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Simon Richter <sjr@debian.org>

References:
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Helmut Grohne <helmut@subdivi.de>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Ansgar <ansgar@43-1.org>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Hideki Yamane <henrich@iijmio-mail.jp>
- Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Simon Richter <sjr@debian.org>

Prev by Date: Re: Ideas for a dh-privacy-helper
Next by Date: Re: Ideas for a dh-privacy-helper
Previous by thread: Bug#992692: general: Use https for {deb,security}.debian.org by default
Next by thread: Bug#992692: general: Use https for {deb,security}.debian.org by default
Index(es):
- Date
- Thread