Bug#992692: general: Use https for {deb,security}.debian.org by default



On Wed, 2021-09-08 at 13:53 +0200, Helmut Grohne wrote:
> On Wed, Sep 08, 2021 at 01:37:37PM +0200, Ansgar wrote:
> > Maybe we should just find out who is responsible for this decision and
> > reassign the bug to them.  The installer team maintaining d-i and
> > debootstrap or the mirror team seem reasonable choices?
> 
> We've already tried that approach on the /usr-merge and the resulting
> transition is miserable. Let's not repeat that mistake.

So what do you suggest then? Tech-ctte as with merged-/usr? Or a GR? Or
something else?

> It's the same pattern actually:
>  * People propose a change that does have positive effects, though some
>    find the positive effects unimportant.
>  * Other people disagree and raise concerns.
>  * Concerns are ignored. <- This is where we are with https-default.

It's also where we are with keep-http-as-default.

> Change has a cost. I do not want to pay the cost for either of these
> changes.

Then we could never change anything.

To keep up with merged-/usr: keeping non-merged-/usr also has a cost.
Nobody wants to pay the cost for it.

Ansgar
