Bug#992692: general: Use https for {deb,security}.debian.org by default
On Wed, 2021-09-08 at 13:53 +0200, Helmut Grohne wrote:
> On Wed, Sep 08, 2021 at 01:37:37PM +0200, Ansgar wrote:
> > Maybe we should just find out who is responsible for this decision
> > and
> > reassign the bug to them. The installer team maintaining d-i and
> > debootstrap or the mirror team seem reasonable choices?
>
> We've already tried that approach on the /usr-merge and the resulting
> transition is miserable. Let's not repeat that mistake.
So what do you suggest then? Tech-ctte as with merged-/usr? Or a GR? Or
something else?
> It's the same pattern actually:
> * People propose a change that does have positive effects, though
> some
> find the positive effects unimportant.
> * Other people disagree and raise concerns.
> * Concerns are ignored. <- This is where we are with https-default.
It's also where we are with keep-http-as-default.
> Change has a cost. I do not want to pay the cost for either of these
> changes.
Then we could never change anything.
To keep up with merged-/usr: keeping non-merged-/usr also has a cost.
Nobody wants to pay the cost for it.
Ansgar
Reply to: