On Fri, 12 Oct 2018, Chris Boot wrote:
Except it doesn't really make any odds for Debian repositories, where the contents is signed using GPG. Transport encryption doesn't add anything if the data is already signed at source, and just makes mirroring and caching harder.
Newer versions of Apt (coming in Debian buster) have the https transport built-in, but until then you need to install apt-transport-https.
Cheers, Chris
I agree that this https make not a big sense here. In my opinion, when you ask a server for http it should not deliberately redirect you to https. If somebody whats a https, then put it into the apt source.list as https. Now I have to fix a lot of devices by hand, because apt always ends with error and updates are working no more. Adam Pribyl
On 12/10/18 19:44, Jonathan Stewart wrote:
I had to install apt-transport-https on debian 9 to reach the repositories.
Personally, i was more surprised debian didn't support HTTPS by default rather than surprised that BIRD is deprecating HTTP. The deprecation of HTTP is happening everywhere.
Jonathan
On Fri, Oct 12, 2018 at 10:12 AM Adam Pribyl <pribyl@lowlevel.cz <mailto:pribyl@lowlevel.cz>> wrote:
We have embedded debian instalations using the debian bird package. However the repo url http://bird.network.cz/debian/ is redirected to https. This causes a problems, because our installations do not have https and apt ends with:
The method driver /usr/lib/apt/methods/https could not be found.
In my opinion the explicit http request should not be automaticaly rewriten to https.
Adam Pribyl
-- Jonathan
-- Chris Boot bootc@boo.tc