Re: [PATCH] APT https method improvements
On Thu, Jun 19, 2008 at 01:57:51PM +0200, Arnaud Ebalard wrote:
> Hi Michael,
Hi Arnaud,
sorry for my slow reply. A mixture of traveling and nasty flu
prevented me from looking further into the patches.
> Michael Vogt <mvogt@acm.org> writes:
> > On Mon, Jun 02, 2008 at 06:35:32PM +0200, Arnaud Ebalard wrote:
[..]
> > For when is 7.18.3 scheduled?
>
> 7.19.0 is scheduled for august (one stable release every two monthes or
> so). Daniel Steinberg decided to jump from 7.18.2 (released last week
> or so) to 7.19.0. Generally, the new version is almost immediately
> available as a Debian package.
>
> In the end, this lets time to improve the patches if needed.
Thanks, unfortunate timing for lenny, those bits will not make. I will
merge the patch that requires 7.19.0 once its available.
> >> + // File containing the list of trusted CA.
> >> + string cainfo = _config->Find("Acquire::https::CaInfo","");
> > [..]
> >
> > If this is a file, then we should probably use the "Dir::Etc"
> > hirarchie together with "FindFile()". So "Dir::Etc::CaInfo". Maybe a
> > new level under "Dir" instead of "Dir::Etc" if there are a lot of
> > option. One of Dir::Auth, Dir::TLS, Dir::SSL? (Same for the other bits
> > below were files are used). Otherwise it looks good.
>
> Those elements are all "https-related", hence the idea of sticking with
> Acquire::https not to confuse the user. I'll let you decide what is the
> best.
>
> For the Find()/FindFile(), I simply reused the Find() because it was
> the method used in https.cc. I was not aware of FindFile() at that
> time. I wonder what the switch to FindFile() will provide because the
> strings are directly passed to curl via curl_easy_setopt(). AFAICT, the
> additional features provided by FindFile() are not needed. Is that
> correct?
Yeah, I think its more consistent to leave it under the Acquire::https
namespace.
[..]
> > Thanks for this configuration example with the documentation, that is
> > very welcome!
>
> For users, it is probably more readable than sources. The drawback is
> that they can complain when something documented does not work as
> expected ;-)
I merged the client_auth_and_additions.patch and the
apt-transport-https-doc.patch (removed the bits that do not yet apply
because the new libcurl is not yet availabe) into the debian bzr tree
at:
http://bzr.debian.org/bzr/apt/apt/debian-sid/
Review is welcome (but it should be pretty identical to the initial
proposed patch).
Thanks,
Michael
Reply to: