On Sat, Aug 21, 2021 at 10:40:32AM +0200, Wouter Verhelst wrote: > On Fri, Aug 20, 2021 at 07:20:22PM +0000, Jeremy Stanley wrote: > > Yes transparent proxies or overridden DNS lookups could be used to > > direct deb.debian.org and security.debian.org to your alternative > > location, > > I've been thinking for a while that we should bake a feature in apt > whereby a network administrator can indicate somehow that there is a > local apt mirror and that apt should use that one in preference to > deb.debian.org. > > This could be useful for both the "I've got a slow uplink and would like > it to not be overwhelmed at the BSP I'm hosting for my Debian friends" > type as well as the "I'm an ISP and I want to provide a mirror to Debian > users so we can reduce our uplink connection a bit" type of situations. > > However, I've not been able to come up with a scheme which is simple > enough to be doable on a LAN while at the same time be usable by larger > network providers, *and* which can't also be abused by MitM attackers. > > Perhaps it's just not something we would be able to do?
https://tracker.debian.org/pkg/squid-deb-proxy sparks into my mind, but I cant tell which of those use cases it could tackle, did not investiage enough for it. (eg for sure wont help at ISP level) -- tobi