Wow, I'm really surprised you guys have decided to turn pipe-lining off.
That is crazy. Pipelining has been in APT since day one (ie since 1997,
wow!), and I personally worked with a number of web server developers to
make sure their severs worked properly, according to the RFC.
Squid has *always* had varying levels of breakage when working with
pipelining, but I also extensively tested APT's HTTP method with squid
and ensured it worked for many years. It looks to me like someone must
have tried to 'improve' things in squid (probably tried to support
HTTP/1.1 keep-alive) and broke it even more..
The thought that pipe lining is inherently broken is ridiculous. The
behaviour of requesters, proxies and completer's is very well defined,
and if you follow the damn spec you don't create any problems, security,
correctness, or otherwise.
And yes, it makes an huge, obvious, night and day difference:
$ time sudo apt-get update -o Acquire::http::Pipeline-Depth=10
real 0m9.090s
$ time sudo apt-get update -o Acquire::http::Pipeline-Depth=0
real 0m19.700s
A much better suggestion would be to detect a proxy during install (most
proxies add headers to their reply) and drop a pipeline depth config
into /etc/apt/apt.conf.d/ ... Or perhaps not pipeline the first request
and look for a proxy in the reply, then turn it on.
It is completely mind blowing that squid has been broken since 1997,
even to the extent that the breakage created a whole new class of proxy
vulnerabilities (request smuggling) and nobody has fixed it, or even
really cared to notice..
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/996151
Title:
disable apt http pipelining in quantal
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/996151/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
