On Mon, May 09, 2016 at 08:42:32PM +0000, Stuart Henderson wrote: > On 2016-05-09, arrowscr...@mail.com <arrowscr...@mail.com> wrote: > > - Do you plan to support ftp.openbsd.org? Would be great to > > download packages with more security > > https is meant to provide privacy from eavesdroppers on the network > path between the endpoints. security is a different matter (packages > have been signed for several releases now which gives far greater > benefit than https). > > (also with often 500-1000 short connections for a package update, > https is going to suck with the current implementation, there is > no pipelining or session caching).
Admittedly, I have an http 1.1 implementation somewhere in pkg_add. But the http servers have been lacking. Losing the connection for no reason and not knowing about it for a while is much worse than the current flurry of small connections. I don't fancy reimplementing some RTT estimate in the http client code to know when the connection goes dead... :-/