[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

On Wed, Sep 08, 2021 at 01:37:37PM +0200, Ansgar wrote:
> Maybe we should just find out who is responsible for this decision and
> reassign the bug to them.  The installer team maintaining d-i and
> debootstrap or the mirror team seem reasonable choices?

We've already tried that approach on the /usr-merge and the resulting
transition is miserable. Let's not repeat that mistake.

It's the same pattern actually:
 * People propose a change that does have positive effects, though some
   find the positive effects unimportant.
 * Other people disagree and raise concerns.
 * Concerns are ignored. <- This is where we are with https-default.
 * Change is being implemented anyway.
 * Stuff breaks. <- This is where we are with /usr-merge.

This is frustrating.

I do see the advantages of using https. I do not see how to not make it
happen without breaking relevant use cases. Same with the /usr-merge. I
do see the advantages. I've stopped counting the things that broke. Most
recent one is the uucp FTBFS. Change has a cost. I do not want to pay
the cost for either of these changes.


Reply to: