Re: Bug#992692: general: Use https for {deb,security}.debian.org by default


On Thu, Sep 02, 2021 at 10:22:15AM +0900, Hideki Yamane wrote:
>  Some users want a proxy, but they can configure their settings.
>  So just changing the "default setting for {deb,security}.debian.org"
>  is not so harmful, IMO.

I fear you are putting this upside down. In reality, some sites (not
users) want their users to use their local cache (transparently or not).

>  - Users can choose a mirror other than https://deb.debian.org

As far as I can tell, most users don't want to make a choice here. They
want downloading packages to just work. Preferably fast. It is the
"fast" thing that you are breaking here.

>  - Caching .debs from security.debian.org is not so huge, I guess
>    (maybe except linux-image).

Not sure why security.d.o is singled out here. The switch is only
reasonable on the whole or not at all. And there the whole volume of
packages counts.

Enabling https by default quite simply breaks the simple recipe of
installing auto-apt-proxy. Would you agree with auto-apt-proxy's
postinst automatically editing your sources.list to drop the s out of
https? The answer repeatedly given in this thread to do so manually is
very unsatisfying.

So I actually argue for installing auto-apt-proxy by default and inside
d-i. That is in direct conflict with the proposed change here.

Unfortunately, I don't see consensus for this, but at the same time I
don't see consensus for enabling https by default either. It's a matter that
keeps popping up and that people disagree on over and over again. The one
thing that we have clearly understood at this point is that one size
does not fit everyone. Either way makes some people unhappy.


