You are not logged in.
- Topics: Active | Unanswered
#26 2020-01-29 20:10:23
- golinux
- Administrator
- Registered: 2016-11-25
- Posts: 2,171
Re: sources.list confusion.
@mmaglis . . . Thanks for taking the initiative to find that. I knew it existed and was going to suggest searching for it but thought better of it since I was not inclined to do so myself. IIUC (that's certainly not a given), all the packages are signed so should be secure even without https.
Offline
#27 2020-02-19 15:43:48
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 1,530
- Website
Re: sources.list confusion.
Ideas?
Firewall?
And I think this should have it's own thread, hi-jacking an official announcement thread seems a bit rude.
Black Lives Matter
Offline
#28 2020-02-20 10:09:20
- xinomilo
- Member
- Registered: 2017-07-02
- Posts: 165
Re: sources.list confusion.
Note that the apt-transport-https package is needed to take advantage of https sources.
this is only required in ascii. since apt >1.5 (beowulf) it's already included in apt, and that package is just transitional & can go away
Offline
#29 2020-02-20 10:38:45
- xinomilo
- Member
- Registered: 2017-07-02
- Posts: 165
Re: sources.list confusion.
tails uses only https iirc : https://tails.boum.org/contribute/how/mirror/
and their RR still fails, just like devuan : eg. https://dl.amnesia.boum.org/
that makes sense, otherwise devuan would have to share private keys with mirrors, which is of course out of the question.
about https://deb.debian.org , i think it only has one -sponsored- mirror and that's why it works ok.
in all mirror cases i've seen so far, if you want to use apt through https, pick a mirror that supports it..
Offline
