[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

On Thu, Sep 09, 2021 at 11:54:44AM +0530, Pirate Praveen wrote:
Why can't auto-apt-proxy ask this as a debconf question? I also like auto-apt-proxy but I agree with  this, someone needing auto-apt-proxy should be able to change the default as well.

I don't really see why adding another debconf question would be better than just preseeding the existing one.

The only thing I could see that would be a net gain would be to generalizes sources.list more. Instead of having a user select a specific protocol and path, allow the user to just select high-level objects. Make this a new pseudo-protocol for backward compatibility, and introduce something like
  deb apt:// suite component[s]
so the default could be something like
  deb apt:// bullseye main
  deb apt:// bullseye/updates main
then the actual protocols, servers, and paths could be managed by various plugins and overridden by configuration directives in apt.conf.d. For existing configurations it's a no-op but it allows more flexibility & new plugins/protocols in the future without having to micromanage sources.list. If someone wants to use tor by default but fall back to https if it's unreachable, they can do that. If someone wants to use a local proxy via http but https if they're not on their local network, they can do that. New installations could default to https, existing installations can keep doing their thing, and a plugin like auto-apt-proxy can override defaults to do something more complicated, using more policy-friendly .d configurations rather than figuring out a way to rewrite some other package's configuration file.

Reply to: