| * cjwatson writes a longish mail about thoughts for possible approaches to the debootstrappish part of bug 1135163, and then realises that he's argued himself round to the point where only a single option is plausible | 16:04 | |
| ubot2` | Launchpad bug 1135163 in choose-mirror (Ubuntu) "d-i can't install against an https mirror" [High,In progress] https://launchpad.net/bugs/1135163 | 16:04 |
|---|---|---|
| infinity | cjwatson: Are you going to make --no-check-gpg imply --no-check-ssl, or add the latter as an explicit debootstrap option or some such? | 17:47 |
| infinity | cjwatson: (And then pass down a cmdline/preseed to trigger same, for people who don't care about baking certs into an installer or driver disk) | 17:48 |
| cjwatson | infinity: I already made debian-installer/allow_unauthenticated imply wget --no-check-certificate, indeed | 17:49 |
| cjwatson | At least for early stages; I still need to arrange to pass that to debootstrap, but it's easy enough | 17:49 |
| infinity | cjwatson: Sure, I meant for debootstrap. | 17:49 |
| cjwatson | debootstrap has a --no-check-certificate option, so it's just a matter of having base-installer pass it. Next on my list | 17:50 |
| infinity | cjwatson: I wonder if debootrap might want a --no-check-ssl, and then a --no-check-sigs that implies -ssl/-gpg for people who want to skip all checking at once. | 17:50 |
| infinity | Oh, wait, it does? | 17:50 |
| infinity | Oh, so it does. | 17:50 |
| infinity | I've never noticed that before. | 17:50 |
| infinity | Cause I never thought it did SSL. :P | 17:51 |
| infinity | Neeeevermind, then. | 17:51 |
| cjwatson | Looks like it was added in 2010 | 17:51 |
| infinity | Explains it. I don't seem to notice new software features added after about 2002, unless they smack me in the face. | 17:52 |
| cjwatson | It may be worth having a separate preseedable question for disabling SSL checks, but I think I'll wait until somebody complains | 17:53 |
| infinity | My bet is that's what the big G would prefer. | 17:54 |
| infinity | Driver disks or custom installers are both harder than a preseed when you're installing on a network that you trust. | 17:54 |
| cjwatson | Hm, you may be right. If so I should probably do that now rather than later | 17:54 |
| cjwatson | The SSL check is weaker than GPG for most purposes | 17:55 |
| infinity | Right, AFAIR, their reason for wanting SSL wasn't anonymisation or security, but purely that they prefer not to run any HTTP services at all. | 17:55 |
| infinity | So, having one unique snowflake HTTP Ubuntu mirror irks them. | 17:55 |
| infinity | But I doubt they care AT ALL if it provides any security on top of the GPG checks. | 17:56 |
| cjwatson | I shouldn't have mailed debian-mirrors@ about adding Mirrors.masterlist metadata for this - now I'm embroiled in arguments with people missing the point | 18:00 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!