Hi, On 21.08.21 10:40, Wouter Verhelst wrote:
I've been thinking for a while that we should bake a feature in apt whereby a network administrator can indicate somehow that there is a local apt mirror and that apt should use that one in preference to deb.debian.org.
I've been thinking the same thing, but that would negate the remaining security benefit of using https, that's why I expressed a preference for making it visible that the connection is not encrypted and security is only provided by the signatures over pretending it is and then (silently?) allowing a proxy to intercept the connection.
Simon
OpenPGP_signature
Description: OpenPGP digital signature