Bug#992692: general: Use https for {deb,security}.debian.org by default

To: Paul Wise <pabs@debian.org>, 992692@bugs.debian.org
Subject: Bug#992692: general: Use https for {deb,security}.debian.org by default
From: Simon Richter <sjr@debian.org>
Date: Fri, 10 Sep 2021 16:48:56 +0200
Message-id: <[🔎] 29dca335-38e1-33ea-9d2b-d961400f5cc0@debian.org>
Reply-to: Simon Richter <sjr@debian.org>, 992692@bugs.debian.org
In-reply-to: <[🔎] CAKTje6EFRin1YDG=Cg=fygVeYj7vMgz+fywOLUhqVXBuWdLx0g@mail.gmail.com>
References: <[🔎] YS9EywR3MQKlBn47@alf.mars> <[🔎] 3be2fcffdc1187466bd56e19e61a405a51e6e936.camel@43-1.org> <[🔎] 87r1e82w28.fsf@hope.eyrie.org> <[🔎] 20210902102215.f99248e0ff859b8cc478128b@iijmio-mail.jp> <[🔎] d6217ac5-2e80-469b-e8fd-082c7bd23f0f@debian.org> <162963701727.2536441.3655242380753523899.reportbug@tiny> <[🔎] 20210905051246.97bd855594d009bb81757f36@iijmio-mail.jp> <[🔎] 62a4d70b-78a9-06f7-4c1e-dd26c74f31fe@debian.org> <162963701727.2536441.3655242380753523899.reportbug@tiny> <[🔎] CAKTje6EFRin1YDG=Cg=fygVeYj7vMgz+fywOLUhqVXBuWdLx0g@mail.gmail.com> <162963701727.2536441.3655242380753523899.reportbug@tiny>

Hi,

On 10.09.21 01:46, Paul Wise wrote:

Another important argument is that it creates a dependency on
third-party commercial CDNs, and their *continued* sponsorship.

This dependency on external providers is unavoidable, Debian
definitely cannot afford to run our own CDN at the scale needed to
support our existing userbase. For example the security mirrors
struggled with Linux kernel security updates, so security.d.o switched
to a commercial CDN. Also, we are dependent on continued sponsorship
for all of our infrastructure, paying for all of our hosting is likely
not feasible.

Yes -- and mirrors have traditionally been provided by third parties.What is new about the CDNs is that there are rather few of those, andthis centralization aspect is what worries me.

Personally I'd like to see a larger variety of Debian delivery
mechanisms; copy Debian/snapshot to archive.org, create a multi-distro
FLOSS CDN, bring back httpredir, DebTorrent and apt-p2p, add an i2p
mirror, use IPFS and content oriented networking etc. Michael Stone's
apt://debian idea seems like a good way to move in that direction
while adding protocol agility.

Yes, absolutely -- and we especially want to have a better solution forcontainers, because my expectation is that a large fraction of ourtraffic is just people not bothering to set up caching.


   Simon

Reply to:

References:
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Helmut Grohne <helmut@subdivi.de>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Ansgar <ansgar@43-1.org>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Hideki Yamane <henrich@iijmio-mail.jp>
- Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Simon Richter <sjr@debian.org>
- Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Hideki Yamane <henrich@iijmio-mail.jp>
- Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Simon Richter <sjr@debian.org>
- Bug#992692: general: Use https for {deb,security}.debian.org by default
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
Next by Date: Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
Previous by thread: Bug#992692: general: Use https for {deb,security}.debian.org by default
Next by thread: Re: Bug#992692: general: Use https for {deb,security}.debian.org by default
Index(es):
- Date
- Thread