On Sun, Nov 06, 2016 at 12:03:03AM +0100, Philipp Kern wrote: > On 2016-11-05 22:23, Adrian Bunk wrote: > > The solution you are trying to sell is apt-transport-https as default. > [...] > > Your solution would be a lot of work with relatively little improvement. > > Well, the client-side exists and works. >...
Yes and no. It works, but there is much work left if you want to make that the default. David already mentioned in this discussion where apt-transport-https needs improvements. I did already mention that the current footprint of adding apt-transport-https to the installer and small base filesystems is currently pretty large. As an example, the installer would require two different TLS libraries if you just add apt-transport-https. I would guess there are also other areas that have to be looked at if that should become the default, like how certificate errors will be handled in the installer. > > BTW: The "possible low-effort improvement without tradeoff" is: > > > > Is apt-transport-tor working reliably enough for general usage? > > Are security updates available immediately through apt-transport-tor? > > Is there a good reason why apt-transport-tor is not mentioned > > at the frontpage of http://www.debian.org/security/ ? > > > > My current impression (that might be wrong) is that the technical side > > would be available, only documentation and perhaps PR (e.g. email to > > debian-security-announce) are missing. > > If we are limiting ourselves to mirrors run by DSA (which is what happens > for the backends of the onion balancer), we could have the same with an > HTTPS-based solution just fine. It'd likely raise the same scalability and > operational questions as HTTPS. Your proposal here simply has different > tradeoffs, not none as you claim. Russ and me were discussing one specific tradeoff. Let me repeat the relevant problem: By discouraging users from using mirrors for security.debian.org, Debian is presenting a nearly complete list of all computers in the world running Debian stable and their security update status and policies on a silver plate to the NSA. Russ answered: It's a tradeoff with freshness of security updates. With HTTP this tradeoff between "not giving information about Debian users on a silver plate to the NSA" and "providing security updates as soon as possible" exists. This tradeoff still exists with HTTPS. Tor offers a solution for this specific problem that does not have this specific tradeoff. > Kind regards > Philipp Kern cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
