Bug#1026922: golang-go: how HTTP*_PROXY should work v.s. how it operates currently
Package: golang-go Version: 2:1.15~1 Followup-For: Bug #1026922 X-Debbugs-Cc: debbug.1026...@sideload.33mail.com HD> I’d suppose there is a misunderstanding: HTTP_PROXY is used to HD> specify the proxy options of all HTTP connections, and HTTPS_PROXY HD> is used by HTTPS connections. Only in this way the names of HD> ALL_PROXY and NO_PROXY could make sense. What you describe is how the HTTP*_PROXY variables *should* work. But that’s not the case. For example, users of the Hydroxide app (written in Go) are being told to run: HTTPS_PROXY='socks5://127.0.0.1:9050' hydroxide $args See the problem? SOCKS has nothing to do with HTTP(S). SOCKS proxies cannot serve as an HTTP proxy because HTTP proxies are protocol-specific. A SOCKS proxy is protocol independant.
Bug#1026922:
I’d suppose there is a misunderstanding: HTTP_PROXY is used to specify the proxy options of all HTTP connections, and HTTPS_PROXY is used by HTTPS connections. Only in this way the names of ALL_PROXY and NO_PROXY could make sense. --- Dawei Huang
Bug#1026922: golang-go: more action needed
Package: golang-go Version: 2:1.15~1 Followup-For: Bug #1026922 X-Debbugs-Cc: debbug.1026...@sideload.33mail.com > This is exactly feature that Go upstream provides for a long time. > If you think differently, you should open a "proposal" in Go upstream, > https://github.com/golang/proposal#the-proposal-process “Feature” is the wrong word here. Use of incorrect terminology & misstating a usage is a plainly obvious defect. The incorrectness of (e.g.) calling a “potato” a “tomato” leaves no room for subjectivity. It’s a bug. Consequently, a bug report was filed (not a feature proposal). To say it’s been that way “a long time” is known as a /Conventional Wisdom/ fallacy. The bug does not become less of a bug over time. The only effect that time has in this case is to do more damage, as more and more code creates dependencies on the defect. Go lang itself is also a quite young language, coming into existence in 2009. So nothing about the language has existed for “a long time”. Directing users to report bugs upstream goes against Debian conventions. It’s the duty of the maintainer to mirror bugs upstream: https://www.debian.org/Bugs/Reporting Not everyone has MS Github. Not everyone is willing to have transactions with Microsoft. I cannot login to Github because the 2fa process forces me to check an account that blocks access to the verification code with a broken CAPTCHA. Please follow the Debian procedure and mirror this bug report upstream; not as a proposed new feature but as a bug report. Thank you.
Bug#1026922: golang-go: The HTTP_PROXY variable is incorrectly implemented to accept SOCKS proxies. HTTP≠SOCKS
Package: golang-go Version: 2:1.15~1 Severity: normal X-Debbugs-Cc: debbug.gol...@sideload.33mail.com The go standard libraries apparently include some automatic proxy support for /go/ apps when the HTTPS_PROXY variable is populated. The problem is that SOCKS proxies are accepted. A SOCKS proxy is a different beast than an HTTP proxy. The HTTP*_PROXY variables are conventially used by browsers to specify HTTP proxies. It’s misleading and wrong to use it to specify SOCKS proxies. Here is an example of an app that uses the /go/ standard libs in this way: https://github.com/emersion/hydroxide/issues/110#issuecomment-751387567 URLs with the socks*:// scheme should be refused & trigger an error. -- System Information: Debian Release: 11.5 APT prefers stable-updates APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'testing'), (990, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-19-amd64 (SMP w/2 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages golang-go depends on: ii golang-1.15-go 1.15.15-1~deb11u4 ii golang-src 2:1.15~1 golang-go recommends no packages. Versions of packages golang-go suggests: ii git 1:2.30.2-1 -- no debconf information