On Wed, 2018-09-05 at 14:58 +0200, Philipp Kern wrote: > On 2018-09-05 12:35, Wouter Verhelst wrote: [...] > > I disagree with that, but I do also agree that it would be preferable > > if > > local proxies or mirrors were used preferably. > > > > However, this shouldn't be done by way of manual configuration; > > instead, > > I think it should be done by way of autodetection performed by apt, > > something not unlike the proxy-PAC scheme, where a browser looks for > > pac.<domain>, with the <domain> part being what was passed to it by > > DHCP, incrementally dropping off the leaf-most part of that until it > > resolves. > > > > I think such a scheme could work for apt too. > > Arguably the correct way would be to fetch the PAC and execute it to > determine the proxy for the host. Of course that'd require interpreting > Javascript.
Indeed. The use of Javascript makes WPAD implementation quite risky. There are other dangers in implementating WPAD; for example see <https://www.us-cert.gov/ncas/alerts/TA16-144A>. It could be useful, and maybe even worth enabling by default, if it was supported in all (or at least most) of the different HTTP libraries we ship. But I don't think we're anywhere near there, so supporting it at installation time only doesn't seem worth the trouble. Ben. -- Ben Hutchings I'm always amazed by the number of people who take up solipsism because they heard someone else explain it. - E*Borg on alt.fan.pratchett
signature.asc
Description: This is a digitally signed message part
