Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

To: debian-devel@lists.debian.org, 992692@bugs.debian.org
Subject: Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
From: Helmut Grohne <helmut@subdivi.de>
Date: Wed, 8 Sep 2021 13:53:12 +0200
Message-id: <YTikKFgV74s/TRoz@alf.mars>
Mail-followup-to: debian-devel@lists.debian.org, 992692@bugs.debian.org
In-reply-to: <[🔎] ca14340e6210ef3779fb89e0f6fd151ce5e73622.camel@43-1.org>
References: <162963701727.2536441.3655242380753523899.reportbug@tiny> <[🔎] YS9EywR3MQKlBn47@alf.mars> <[🔎] 3be2fcffdc1187466bd56e19e61a405a51e6e936.camel@43-1.org> <[🔎] 87r1e82w28.fsf@hope.eyrie.org> <[🔎] 20210902102215.f99248e0ff859b8cc478128b@iijmio-mail.jp> <YTiZ2fipJll/LgKz@alf.mars> <162963701727.2536441.3655242380753523899.reportbug@tiny> <[🔎] ca14340e6210ef3779fb89e0f6fd151ce5e73622.camel@43-1.org>

On Wed, Sep 08, 2021 at 01:37:37PM +0200, Ansgar wrote:
> Maybe we should just find out who is responsible for this decision and
> reassign the bug to them.  The installer team maintaining d-i and
> debootstrap or the mirror team seem reasonable choices?

We've already tried that approach on the /usr-merge and the resulting
transition is miserable. Let's not repeat that mistake.

It's the same pattern actually:
 * People propose a change that does have positive effects, though some
   find the positive effects unimportant.
 * Other people disagree and raise concerns.
 * Concerns are ignored. <- This is where we are with https-default.
 * Change is being implemented anyway.
 * Stuff breaks. <- This is where we are with /usr-merge.

This is frustrating.

I do see the advantages of using https. I do not see how to not make it
happen without breaking relevant use cases. Same with the /usr-merge. I
do see the advantages. I've stopped counting the things that broke. Most
recent one is the uucp FTBFS. Change has a cost. I do not want to pay
the cost for either of these changes.

Helmut

Reply to:

Follow-Ups:
- Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Ansgar <ansgar@43-1.org>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Tim Woodall <debiandevel@woodall.me.uk>

References:
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Helmut Grohne <helmut@subdivi.de>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Ansgar <ansgar@43-1.org>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Hideki Yamane <henrich@iijmio-mail.jp>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Helmut Grohne <helmut@subdivi.de>
- Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Ansgar <ansgar@43-1.org>

Prev by Date: Bug#992692: general: Use https for {deb,security}.debian.org by default
Next by Date: Bug#992692: general: Use https for {deb,security}.debian.org by default
Previous by thread: Bug#992692: general: Use https for {deb,security}.debian.org by default
Next by thread: Bug#992692: general: Use https for {deb,security}.debian.org by default
Index(es):
- Date
- Thread