Bug#992692: general: Use https for {deb,security}.debian.org by default

[Ansgar <ansgar@43-1.org>]

On Wed, 2021-09-08 at 13:09 +0200, Helmut Grohne wrote:
> On Thu, Sep 02, 2021 at 10:22:15AM +0900, Hideki Yamane wrote:
> >  Some users want proxy but they can configure their settings.
> >  So just change "default setting for {deb,security}.debian.org"
> >  is not so harmful, IMO. 
> 
> I fear you are putting this upside down. In reality, some sites (not
> users) want their users to use their local cache (transparently or
> not).

Then have the users install the site's CA authority that allows
inspecting and caching HTTPS traffic.


> Unfortunately, I don't see consensus for this, but at the same time I
> neither see consensus for enabling https by default. It's a matter
> that
> keeps popping up and people disagreeing on over and over again. The
> one
> thing that we have clearly understood at this point is that one size
> does not fit everyone. Either way makes some people unhappy.

Maybe we should just find out who is responsible for this decision and
reassign the bug to them.  The installer team maintaining d-i and
debootstrap or the mirror team seem reasonable choices?

Ansgar