[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#992692: general: Use https for {deb,security}.debian.org by default

On Wed, 2021-09-08 at 13:53 +0200, Helmut Grohne wrote:
> On Wed, Sep 08, 2021 at 01:37:37PM +0200, Ansgar wrote:
> > Maybe we should just find out who is responsible for this decision
> > and
> > reassign the bug to them.  The installer team maintaining d-i and
> > debootstrap or the mirror team seem reasonable choices?
> We've already tried that approach on the /usr-merge and the resulting
> transition is miserable. Let's not repeat that mistake.

So what do you suggest then? Tech-ctte as with merged-/usr? Or a GR? Or
something else?

> It's the same pattern actually:
>  * People propose a change that does have positive effects, though
> some
>    find the positive effects unimportant.
>  * Other people disagree and raise concerns.
>  * Concerns are ignored. <- This is where we are with https-default.

It's also where we are with keep-http-as-default.

> Change has a cost. I do not want to pay the cost for either of these
> changes.

Then we could never change anything.

To keep up with merged-/usr: keeping non-merged-/usr also has a cost.
Nobody wants to pay the cost for it.


Reply to: