[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS needs to be implemented for updating

On 18/12/16 22:03, Christoph Moench-Tegeder wrote:
second point requires a lot of work
to resolve.


Monday morning yet-to-be-caffienated thoughts...

I'm going to ignore the 'inconvenience' because I think in this case that's a specious argument.

I acknowledge there's a bucketload of work to implement this. Just gets me to thinking, staging a switch over may be better. eg, a new apt config for https as either 'required' 'desired' and 'off'. This reduces the initial workload. Start with the default 'off', then at some future release move to 'desired' then 'required'.

Further, I suggest perhaps an automated survey of the major mirrors to find which ones already support https may be in order. Perhaps the resultant data could be used by the apt-transport-https package for now, as well as deciding when the above mentioned switch over might occur.

As I say, decaffienated Monday morning thoughts.

Reply to: