[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Should apt-transport-https be Priority: Important ? (Asking to APT maintainers)

Dear APT maintainers,

while discussing the package contents of Debian cloud instances, the question
arose if it would make sense to install apt-https-transport on most Debian
systems, by setting its priority to "Important".

What do you think about this ?

I pasted below a summary of the discussion that happened on the debian-cloud
mailing list.  If there are inacccuracies or if you know other pros or cons, I
would be very glad to hear them in any case.

Have a nice day,

Charles

> In brief:
> 
> For a Debian system to use encrypted transport when downloading packages from
> an APT mirror that has been appropriately set up, the packages
> apt-transport-https and its dependancies must be installed.  Would it be a good
> service for our users to install this by default by setting this package's
> priority to "Important" ?
> 
> The question can be rephrased as "are the gains high enough compared to the costs ?"
> 
> Here are the gains:
> 
>  - Using HTTPS partially hides information about what a user installs on his machine.
> 
>  - Having HTTPS support by default means that users can switch directly to HTTPS
>    anytime they wish: the system is ready, there is nothing to learn (which package
>    to install) or to do (get the packages with either APT over HTTP or with
>    other tools and then install them with dpkg).  Note that the use of plain HTTP
>    may be mandatory in some environments.
> 
>  - We send a message to our users and the world, that we give a high importance to
>    the defense of people's privacy.
> 
> Here are limitations to these gains.
> 
>  - APT over HTTPS does not fully protect from surveillance, because by
>    analysing metadata such as the size of the transfers, one may deduce which
>    packages are being downloaded.  Thus, it has been proposed that APT
>    over HTTPS is not good enough and that APT over TOR should be proposed instead.
> 
>  - Most mirrors are not providing HTTPS yet, thus it is prematurate to enable
>    HTTPS support by default.  (By the way, will the content delivery network
>    debs.debian.org provide HTTPS support ?)
> 
>  - Opinions may widely differ on the impact and appropriateness of driving technical
>    choices (installing packages that most people will not use in the short term)
>    with political views (defense of privacy).
> 
> And here are the costs.
> 
>  - On a system freshly created with debootstrap, installing apt-transport-https
>    eats roughly 10 Mo of space.
> 
>  - The following other packages are installed: ca-certificates krb5-locales libcurl3-gnutls
>    libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.4-2 libnghttp2-14
>    librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libssh2-1 openssl.
>    This increases the system's complexity.
> 
> Limitations to these costs:
> 
>  - Systems where disk space is crucial are or can be constructed by starting from the
>    smaller subset of "Required" packages (supported in debootstrap by the "minbase" option).
> 
>  - Systems where disk space costs (like cloud images) are not necessarly billed at a
>    granularity where 10 Mo matters.  For instance on the Amazon cloud, users are billed
>    per Gigabyte, therefore installing apt-transport-https by default would
>    only cost in case it would cause images sizes to increase to the next gigabyte.

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan
Reply to: