16 Jun
2015
16 Jun
'15
4:11 p.m.
Hi,
Google is failing me.
I know I can use acquire::http::proxy in apt.conf.d to set a proxy server,
but this seems to make it used for both HTTPS and HTTP traffic -- however I
only want to use it for HTTP traffic.
Any suggestions?
(Things not to say:
* Use iptables to transparently proxy port 80
* Get a better HTTP proxy that support SSL
)
Toby
16 Jun
16 Jun
4:48 p.m.
On Tue, 16 Jun 2015, Toby Corkindale wrote:
Hi,
Google is failing me.
I know I can use acquire::http::proxy in apt.conf.d to set a proxy server,
but this seems to make it used for both HTTPS and HTTP traffic -- however I
only want to use it for HTTP traffic.
Any suggestions?
(Things not to say:
* Use iptables to transparently proxy port 80
* Get a better HTTP proxy that support SSL
)
Don't know about https itself, but does limiting hosts help you?
//Acquire::http::Proxy "http://localhost:3142/";
Proxy::bugs.debian.org "http://localhost:8080";
// bug 493980:
Proxy::packages.debian.org "http://localhost:8080";
--
Tim Connors
5:40 p.m.
I was wondering
Is there a way to specify Acquire::HTTPS::Proxy in a negative way?
(Since setting acquire::http::proxy seems to set it up for https too
without me wanting it)
On Tue, 16 Jun 2015 at 16:48 Tim Connors <tim.w.connors(a)gmail.com> wrote:
On Tue, 16 Jun 2015, Toby Corkindale wrote:
Hi,
Google is failing me.
I know I can use acquire::http::proxy in apt.conf.d to set a proxy
server,
but this seems to make it used for both HTTPS and
HTTP traffic --
however I
only want to use it for HTTP traffic.
Any suggestions?
(Things not to say:
* Use iptables to transparently proxy port 80
* Get a better HTTP proxy that support SSL
)
Don't know about https itself, but does limiting hosts help you?
//Acquire::http::Proxy "http://localhost:3142/";
Proxy::bugs.debian.org "http://localhost:8080";
// bug 493980:
Proxy::packages.debian.org "http://localhost:8080";
--
Tim Connors
5:56 p.m.
This seems to do the trick! Note that the space between the quote marks is
required.. otherwise it doesn't help.
Acquire::HTTPS::Proxy " ";
On Tue, 16 Jun 2015 at 17:40 Toby Corkindale <toby(a)dryft.net> wrote:
I was wondering
Is there a way to specify Acquire::HTTPS::Proxy in a negative way?
(Since setting acquire::http::proxy seems to set it up for https too
without me wanting it)
On Tue, 16 Jun 2015 at 16:48 Tim Connors <tim.w.connors(a)gmail.com> wrote:
On Tue, 16 Jun 2015, Toby Corkindale wrote:
Hi,
Google is failing me.
I know I can use acquire::http::proxy in apt.conf.d to set a proxy
server,
but this seems to make it used for both HTTPS and
HTTP traffic --
however I
only want to use it for HTTP traffic.
Any suggestions?
(Things not to say:
* Use iptables to transparently proxy port 80
* Get a better HTTP proxy that support SSL
)
Don't know about https itself, but does limiting hosts help you?
//Acquire::http::Proxy "http://localhost:3142/";
Proxy::bugs.debian.org "http://localhost:8080";
// bug 493980:
Proxy::packages.debian.org "http://localhost:8080";
--
Tim Connors
18 Jun
18 Jun
11:36 a.m.
Toby Corkindale <toby(a)dryft.net> writes:
I know I can use acquire::http::proxy in apt.conf.d to
set a proxy server,
but this seems to make it used for both HTTPS and HTTP traffic -- however I
only want to use it for HTTP traffic.
Probably not helpful, but:
Just don't use TLS for apt repos?
What's the threat model that you're trying to address by using
apt-transport-https ?
apt's "is this package haxxed?" relies entirely on the Release file
being signed by a GPG key in apt-key's keyring (plus a chain of
md5/sha1/sha2-sums). So AFAICT the only gain from TLS is the ability to
conceal (from your ISP) which packages you've downloaded.
What am I missing?
19 Aug
19 Aug
2:52 p.m.
Way to make assumptions, Trent.
I can't control the fact that some repositories are SSL only. That's out of
my control.
Choosing not to use software just because the authors believe in
SSL-everywhere would be ridiculous. Even though I agree, it's not adding
any actual security.
-Toby
On Thu, 18 Jun 2015 at 11:36 Trent W. Buck <trentbuck(a)gmail.com> wrote:
Toby Corkindale <toby(a)dryft.net> writes:
I know I can use acquire::http::proxy in
apt.conf.d to set a proxy
server,
but this seems to make it used for both HTTPS and
HTTP traffic --
however I
only want to use it for HTTP traffic.
Probably not helpful, but:
Just don't use TLS for apt repos?
What's the threat model that you're trying to address by using
apt-transport-https ?
apt's "is this package haxxed?" relies entirely on the Release file
being signed by a GPG key in apt-key's keyring (plus a chain of
md5/sha1/sha2-sums). So AFAICT the only gain from TLS is the ability to
conceal (from your ISP) which packages you've downloaded.
What am I missing?
4:28 p.m.
On Wed, 19 Aug 2015 at 14:53 Toby Corkindale <toby(a)dryft.net> wrote:
Choosing not to use software just because the authors
believe in
SSL-everywhere would be ridiculous. Even though I agree, it's not adding
any actual security.
Telling apt-get to use https adds privacy - people monitoring your network
traffic cannot see what packages you are downloading.
2779
days inactive
2843
days old
6 comments
4 participants
participants (4)
-
Brian May -
Tim Connors -
Toby Corkindale -
trentbuck@gmail.com