Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
On Wed, Sep 08, 2021 at 01:37:37PM +0200, Ansgar wrote:
> Maybe we should just find out who is responsible for this decision and
> reassign the bug to them. The installer team maintaining d-i and
> debootstrap or the mirror team seem reasonable choices?
We've already tried that approach on the /usr-merge and the resulting
transition is miserable. Let's not repeat that mistake.
It's the same pattern actually:
* People propose a change that does have positive effects, though some
find the positive effects unimportant.
* Other people disagree and raise concerns.
* Concerns are ignored. <- This is where we are with https-default.
* Change is being implemented anyway.
* Stuff breaks. <- This is where we are with /usr-merge.
This is frustrating.
I do see the advantages of using https. I do not see how to not make it
happen without breaking relevant use cases. Same with the /usr-merge. I
do see the advantages. I've stopped counting the things that broke. Most
recent one is the uucp FTBFS. Change has a cost. I do not want to pay
the cost for either of these changes.
Helmut
Reply to: