Re: [PATCH] APT https method improvements

To: Arnaud Ebalard <arno@natisbad.org>
Cc: APT development ML <deity@lists.debian.org>, Axel Tillequin <axel.tillequin@eads.net>
Subject: Re: [PATCH] APT https method improvements
From: Michael Vogt <mvo@debian.org>
Date: Fri, 25 Jul 2008 20:04:38 +0200
Message-id: <[🔎] 20080725180438.GN27539@tas.localdomain>
In-reply-to: <87tzfpeiww.fsf@natisbad.org>
References: <877id7sskr.fsf@natisbad.org> <20080619103359.GA3718@tas.localdomain> <87tzfpeiww.fsf@natisbad.org>

On Thu, Jun 19, 2008 at 01:57:51PM +0200, Arnaud Ebalard wrote:
> Hi Michael,
Hi Arnaud,
 
sorry for my slow reply. A mixture of traveling and nasty flu
prevented me from looking further into the patches.

> Michael Vogt <mvogt@acm.org> writes:
> > On Mon, Jun 02, 2008 at 06:35:32PM +0200, Arnaud Ebalard wrote:
[..]
> > For when is 7.18.3 scheduled? 
> 
> 7.19.0 is scheduled for august (one stable release every two monthes or
> so). Daniel Steinberg decided to jump from 7.18.2 (released last week
> or so) to 7.19.0. Generally, the new version is almost immediately
> available as a Debian package.
> 
> In the end, this lets time to improve the patches if needed.

Thanks, unfortunate timing for lenny, those bits will not make. I will
merge the patch that requires 7.19.0 once its available.

> >> +   // File containing the list of trusted CA.
> >> +   string cainfo = _config->Find("Acquire::https::CaInfo","");
> > [..]
> >
> > If this is a file, then we should probably use the "Dir::Etc"
> > hirarchie together with "FindFile()". So "Dir::Etc::CaInfo". Maybe a
> > new level under "Dir" instead of "Dir::Etc" if there are a lot of
> > option. One of Dir::Auth, Dir::TLS, Dir::SSL? (Same for the other bits
> > below were files are used). Otherwise it looks good.
> 
> Those elements are all "https-related", hence the idea of sticking with
> Acquire::https not to confuse the user. I'll let you decide what is the
> best.
> 
> For the Find()/FindFile(), I simply reused the Find() because it was
> the method used in https.cc. I was not aware of FindFile() at that
> time. I wonder what the switch to FindFile() will provide because the
> strings are directly passed to curl via curl_easy_setopt(). AFAICT, the
> additional features provided by FindFile() are not needed. Is that
> correct?

Yeah, I think its more consistent to leave it under the Acquire::https
namespace.

[..]
> > Thanks for this configuration example with the documentation, that is
> > very welcome! 
> 
> For users, it is probably more readable than sources. The drawback is
> that they can complain when something documented does not work as
> expected ;-)

I merged the client_auth_and_additions.patch and the
apt-transport-https-doc.patch (removed the bits that do not yet apply
because the new libcurl is not yet availabe) into the debian bzr tree
at:
http://bzr.debian.org/bzr/apt/apt/debian-sid/

Review is welcome (but it should be pretty identical to the initial
proposed patch).

Thanks,
 Michael

Reply to:

Follow-Ups:
- Re: [PATCH] APT https method improvements
  - From: arno@natisbad.org (Arnaud Ebalard)

Prev by Date: Re: [PATCH] APT https method improvements
Next by Date: Processing of python-apt_0.7.7.1_i386.changes
Previous by thread: Bug#492360: cannot find source for package, even though showsrc finds it
Next by thread: Re: [PATCH] APT https method improvements
Index(es):
- Date
- Thread