Package: apt Version: 2.3.9 Severity: wishlist Hi,
as of now, there are certain HTTPS protocol schemes used in apt in conjunction with proxies. a) for http, the requests are used with GET and plain URL over http transport b) for https, CONNECT establishes a tunnel and then plain http over TLS stream is used What we don't have is option c) the user might trust his proxy and want requests to be made in plain text (GET) but with https:// schema, and the proxy gets the responsibility for HTTPS communication and delivery of the content as plain HTTP response. This should be configurable through some options. Some idea from mstone and me in the recent debian-devel thread about #992692: > If we're imagining apt options, something like > Acquire::https::Force-Proxy-HTTP true; > would probably be more useful for this specific case (not that I think it's > a great idea--too much potential for surprise). I would make it a list of trusted hosts and a special value ALL. Best regards, Eduard. -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.14.1+ (SMP w/12 CPU threads) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apt depends on: ii adduser 3.118 ii debian-archive-keyring 2021.1.1 ii gpgv 2.2.27-2 ii gpgv2 2.2.27-2 ii libapt-pkg6.0 2.3.9 ii libc6 2.31-17 ii libgcc-s1 11.2.0-4 ii libgnutls30 3.7.2-2 ii libseccomp2 2.5.1-1 ii libstdc++6 11.2.0-4 ii libsystemd0 247.9-1 Versions of packages apt recommends: ii ca-certificates 20210119 Versions of packages apt suggests: ii apt-doc 2.3.8 pn aptitude | synaptic | wajig <none> ii dpkg-dev 1.20.9 ii gnupg 2.2.27-2 ii gnupg2 2.2.27-2 ii powermgmt-base 1.36 -- no debconf information