Hi Daniel, Daniel Khodaparast <daniel.khodapar...@bronto.com> (2017-04-17): > This observation resulted from working on a preseed configuration for a > Ubuntu install, while attempting to use an internal security mirror we have > for security.ubuntu.com. This mirror uses https, which after much > debugging/digging is not a supported protocol by apt-setup for security_host > and security_path. > > Currently in generators/91security there is a bit of hardcoding that forces > this to use the http protocol. There is no way to override this like with > mirror/protocol. Unfortunately we had to create a non-https mirror of > security.ubuntu.com as a stop-gap result. > > It would be nice if there was an equivalent way to set this protocol as > mirror/protocol. Preferably, this could be apt-setup/security_protocol to > coincide with the existing parameters (secuirty_host and security_path).
Right now, the only setting available is apt-setup/security_host, and there's no apt-setup/security_path (“debian-security” is hardcoded). Adding support for both shouldn't be too hard but: - we're trying to release stretch, so at some point it would be nice to stop making changes; - https support would be a nice addition but lacking it isn't a regression at this point (as I mentioned on IRC, https support is rather new); also, should it be automatically set to https if the main mirror was selected as https? At this point, I think it would be fair to ask interested people to work on this in a buster branch, not to be uploaded to unstable until the release of stretch? KiBi.
signature.asc
Description: Digital signature
