]] Paul Tagliamonte > On Mon, Oct 24, 2016 at 04:00:39PM +0100, Ian Jackson wrote: > > It is also evident that there are some challenges for deploying TLS on > > a mirror network and/or CDN. I don't think anyone is suggesting > > tearing down our existing mirror network. > > https://deb.debian.org/ is now set up (thanks, folks!), so my attention > is now shifted away from the push to https all the things (not everyone > will, so I just want a stable well-used domain that could be a sensable > default, and let those who don't want to move forward stay in the past) > and on to considering the apt https transport and thoughts on how this > could become part of the base install.
Note that the performance of HTTPS there is worse than for HTTP due to a lack of SRV support in apt-transport-https, though, which means it falls back to doing HTTP redirects. -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are
