Re: Q: Use https for {deb,security}.debian.org by default
Hi all,
Thanks for your comments!
It seems that no big blocker to make https default for deb.debian.org
and security.debian.org.
On Thu, 19 Aug 2021 22:38:20 +0900
Hideki Yamane <henrich@iijmio-mail.jp> wrote:
> Now deb.debian.org and security.debian.org provide https access
> but created sources.list file use http for those. Is there any
> reason to use http instead of https for them? (traffic, policy,
> etc...) If not, how about to change it?
Q: Make https as default situation worse?
A: No :)
If the clock setting is not appropriate, d-i provides NTP setting
through installation.
Q: Is there any benefit?
A: Yes, going forward with https as default is a trend, and some
people complain about the way for accessing our repo as http.
We can avoid such boring discussion and wrong message to users.
Q: How about largely deploy environment like containers?
A: They can choose http for that, since just "https as default"
Q: Is it perfect solution?
A: Of course not :)
Q: Do you intend to mandate https access for apt?
A: No, just make https "default" for deb.debian.org and security.debian.org.
There is a choise to use other repo and http instead.
--
Hideki Yamane <henrich@iijmio-mail.jp>
Reply to: