On Wed, 2021-09-01 at 11:15 +0200, Helmut Grohne wrote:
> I believe that the discussion has later identified that doing so would
> break squid-deb-proxy-client and auto-apt-proxy. Given that the security
> benefits are not strong (beyond embracing good habits), I think the
> reasonable thing to do is keep preferring http.

That is an opt-in choice which likely only a small number of users use.
People wanting to use a caching proxy can just switch to http as part of
this choice; it doesn't seem a good reason to not use https by default
for all other users.

> Caching packages and transport level encryption are fundamentally
> incompatible.

No. You can explicitly configure apt to use a local caching mirror or
use a trusted TLS certificate for the mirror the proxy impersonates.

Ansgar