
Re: Q: Use https for {deb,security}.debian.org by default



Hi all,

 Thanks for your comments!
 It seems that there is no big blocker to making https the default for
 deb.debian.org and security.debian.org.


On Thu, 19 Aug 2021 22:38:20 +0900
Hideki Yamane <henrich@iijmio-mail.jp> wrote:
>  Now deb.debian.org and security.debian.org provide https access
>  but the created sources.list file uses http for those. Is there any
>  reason to use http instead of https for them? (traffic, policy,
>  etc...) If not, how about changing it?

 Q: Does making https the default make the situation worse?
   A: No :)
      If the clock setting is not appropriate, d-i provides an NTP setting
      during installation.

 Q: Is there any benefit?
   A: Yes, going forward with https as the default is a trend, and some
      people complain about accessing our repo over http.
      We can avoid such boring discussions and the wrong message to users.

 Q: How about large-scale deployment environments like containers?
   A: They can choose http for that, since it is just "https as default".

 Q: Is it a perfect solution?
   A: Of course not :)

 Q: Do you intend to mandate https access for apt?
   A: No, just make https "default" for deb.debian.org and security.debian.org.
      There is a choice to use other repos and http instead.



-- 
Hideki Yamane <henrich@iijmio-mail.jp>

