[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS needs to be implemented for updating

Christoph Moench-Tegeder :
## gwmfms06@unseen.is (gwmfms06@unseen.is):

What with Let's Encrypt now active, there is no excuse to not move
everything to HTTPS for updating.
1. Bandwidth. It's fairly easy to proxy/cache HTTP, but HTTPS prevents
    that (unless you break HTTPS). This not only affects the server
    side (I have no idea about the amount of "traffic saved" for Debian),
    but also sites running multiple machines with Debian installed.
    Setting up a mirror is more work than just running a squid.
2. That brings us to: Mirrors. There's quite a bunch of them, and
    I'm quite sure that some of them (even primary mirrors) are not
    "Debian Project hardware". That way it's not just "throw a switch
    and everything is SSL", and it even creates some interesting
    questions like third parties (those non-Debian mirror admins)
    having access to debian.org SSL keys.

First point is an inconvenience, second point requires a lot of work
to resolve.

There could be https mirrors as well as non-https mirrors.

Each individual / company could decide to use a non-https mirror if they so prefer.

(Some https mirrors are already available, for example mirrors.kernel.org)


Reply to: