Control: tag -1 wishlist

Hello,

One primary purpose of SSL is to prevent MITM attacks on communication between
client and server.  What apt-cacher-ng does is precisely equivalent to that, so
it's properly impossible to fix this "bug".

The solution is to not use SSL: the gpg-signed release files will indeed verify
the authenticity of the downloaded packages, and the expiration dates will
confirm that the packages downloaded are not (too) out of date.

SSL also provides some privacy (i.e., obscuring the packages that are being
downloaded somewhat).  That is unfortunately not something that can be
reasonably provided by this package, since by its nature the cacher will know
what you request of it (and, more fatally, that you are requesting anything
of it).

Best,
Antonio Russo
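
The integrity and freshness checks the message relies on, as an added example that is not part of the original message or of apt-cacher-ng. It assumes the signature on the Release file has already been verified (for example by apt or gpgv); the sample Release and Packages data are constructed, and `parse_release` and `check_index` are hypothetical helper names.

```python
import hashlib
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample data, not taken from a real archive.
PACKAGES = b"Package: hello\nVersion: 2.10-3\nArchitecture: amd64\n"
RELEASE = (
    "Origin: Example\n"
    "Suite: stable\n"
    "Date: Sat, 02 Mar 2024 08:00:00 UTC\n"
    "Valid-Until: Sat, 09 Mar 2024 08:00:00 UTC\n"
    "SHA256:\n"
    f" {hashlib.sha256(PACKAGES).hexdigest()} {len(PACKAGES)} main/binary-amd64/Packages\n"
)

def parse_release(text):
    """Return (fields, sha256_index) from the body of a Release file."""
    fields, sums, section = {}, {}, None
    for line in text.splitlines():
        if line.startswith(" "):
            # Continuation line of a checksum section: " <hash> <size> <path>"
            if section == "SHA256":
                digest, size, path = line.split()
                sums[path] = (digest, int(size))
        elif ":" in line:
            key, _, value = line.partition(":")
            section = key
            fields[key] = value.strip()
    return fields, sums

def check_index(release_text, path, data, now):
    """Raise ValueError if Release has expired or `data` does not match it."""
    fields, sums = parse_release(release_text)
    if "Valid-Until" in fields:
        expires = parsedate_to_datetime(fields["Valid-Until"])
        if expires.tzinfo is None:  # treat a zone-less date as UTC
            expires = expires.replace(tzinfo=timezone.utc)
        if now > expires:
            # A cache or mirror replaying old metadata is caught here.
            raise ValueError(f"Release expired on {fields['Valid-Until']}")
    if path not in sums:
        raise ValueError(f"{path} is not listed in Release")
    digest, size = sums[path]
    if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
        # Any modification made in transit or by the cache is caught here.
        raise ValueError(f"{path} does not match the hash in Release")
    return True
```

The Packages index in turn lists a hash for each .deb, so the same comparison extends from the signed Release file down to every downloaded package without any transport encryption.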
