[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS needs to be implemented for updating

## gwmfms06@unseen.is (gwmfms06@unseen.is):

> What with Let's Encrypt now active, there is no excuse to not move
> everything to HTTPS for updating.

1. Bandwidth. It's fairly easy to proxy/cache HTTP, but HTTPS prevents
   that (unless you break HTTPS). This not only affects the server
   side (I have no idea about the amount of "traffic saved" for Debian),
   but also sites running multiple machines with Debian installed.
   Setting up a mirror is more work than just running a squid.
2. That brings us to: Mirrors. There's quite a bunch of them, and
   I'm quite sure that some of them (even primary mirrors) are not
   "Debian Project hardware". That way it's not just "throw a switch
   and everything is SSL", and it even creates some interesting
   questions like third parties (those non-Debian mirror admins)
   having access to debian.org SSL keys.

First point is an inconvenience, second point requires a lot of work
to resolve.

Regards,
Christoph

-- 
Spare Space
Reply to: