On Wed, 2021-09-08 at 15:41 +0200, Helmut Grohne wrote:
> On Wed, Sep 08, 2021 at 02:01:03PM +0200, Ansgar wrote:
> > So what do you suggest then? Tech-ctte as with merged-/usr? Or a GR? Or
> > something else?
>
> I propose that the proponents pay the cost. In this case, it is a bit
> unclear what that means precisely (which likely is the reason they
> haven't done it already). At the very least though, apt install
> auto-apt-proxy should continue to work on a default installation in a
> sensible way.

I can file a bug for auto-apt-proxy to include an apt.conf snippet
saying

  Acquire::https::Verify-Peer false;

That clearly makes it work again: you ask for auto-apt-proxy users to
have connections that can be impersonated by a man in the middle by
default. The above setting does that.

Not verifying certificates for some users seems better than having all
users not verify certificates (as no https is used at all).

> In the absence of reason not to use https, https should be preferred. As
> it happens, we figured a reason not to use https.

I can find a reason not to use https for any protocol (some sites want
to inspect/cache all traffic) :-)

Ansgar
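
Added example, not part of the original message and not apt or Debian code: an audit check that reads apt.conf-style text and reports where HTTPS certificate verification has been switched off, as the snippet quoted in the message would do. It goes beyond the single global setting in the message by also covering apt's nested `{ }` syntax, the per-host form and `Verify-Host`; the function names and the sample configuration (including the example.org hosts) are constructed for illustration.

```python
import re

# Tokens: quoted string, // comment, /* */ comment, # line, punctuation, bare word.
TOKEN = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/|#[^\n]*|[{};]|[^\s{};"]+', re.S)
FALSY = {"false", "no", "off", "0", "disable", "without"}  # values apt reads as false
CHECK = re.compile(r"^acquire::https::(?:(.+)::)?(verify-peer|verify-host)$", re.I)

# Constructed sample input; hosts and layout are hypothetical.
SAMPLE = '''
Acquire::https::Verify-Peer false;
Acquire::https {
    mirror.example.org { Verify-Peer "no"; Verify-Host "true"; };
    Proxy "http://proxy.example.org:3142/";  // unrelated setting
};
// Acquire::https::Verify-Host "false";
'''


def parse_apt_conf(text):
    """Yield (full_key, value) for every setting, expanding nested { } scopes."""
    scope, words = [], []
    for tok in TOKEN.findall(text):
        if tok.startswith(("//", "/*", "#")):
            continue  # comment token, ignore
        if tok == "{":
            scope.append(words[0] if words else "")
            words = []
        elif tok == "}":
            if scope:
                scope.pop()
            words = []
        elif tok == ";":
            if words:
                yield "::".join(scope + [words[0]]), (words[1] if len(words) > 1 else "")
            words = []
        else:
            words.append(tok.strip('"'))


def find_disabled_verification(text):
    """Return (host or '*', option) pairs where HTTPS verification is off."""
    hits = []
    for key, value in parse_apt_conf(text):
        m = CHECK.match(key)
        if m and value.lower() in FALSY:
            hits.append((m.group(1) or "*", m.group(2).lower()))
    return hits

if __name__ == "__main__":
    print(find_disabled_verification(SAMPLE))
```

A `*` scope means the setting applies to every HTTPS source, which is the case the message describes; a host name means it is limited to that one mirror.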