On Sun, 2018-10-14 at 01:48 +0200, David Kalnischkies wrote: > Control: clone -1 -2 > Control: severity -1 wishlist > Control: reassign -2 ftp.debian.org > > On Sat, Oct 13, 2018 at 05:06:37PM +0100, Ben Hutchings wrote: > > The default value of Acquire::Changelogs::URI::Origin::Debian is > > "http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog". > > Note that this value is not used as long as the Release file contains > a Changelogs: field – which has the same value ATM. [...] > That is so that any repository can provide changelogs for its packages – > and that the URI can be changed without changing apt which has happened > historically a few times before this mechanism was introduced ~3 years > ago. OK, this makes a lot of sense. Presumably the settings in APT will be removed once all a distribution's supported releases include this field? > > Since metadata.ftp-master.debian.org supports HTTP-S and redirects to > > the https: scheme, the URL should be changed to use it from the start. > > I think the apt client is exempt from such an automatic redirect. > The "reason" is that apt < 1.5 has no built-in support for https and needs > apt-transport-https installed. Yes, I remember that problem. My point was that the redirect indicates that the https: URLs should be considered canonical. > Changing that value now means that changelog wont work for stable users > anymore who are trying to access newer Debian releases as long as they > haven't a-t-https installed – but that might be acceptable. [...] That seems like a reasonable thing to require. Ben. -- Ben Hutchings I haven't lost my mind; it's backed up on tape somewhere.
Attachment:
signature.asc
Description: This is a digitally signed message part