Control: tag -1 wontfix

On Thu, Feb 27, 2025 at 11:21:21AM +0100, Chris Hofstaedtler wrote:
> Package: apt
> Version: 2.9.30
> 
> While investigating a checksum mismatch error today, DSA and I
> would have had a much easier time if APT would print the received
> HTTP headers on such an error.
> 
> IOW:
> 
> When printing...
> 
>  E: Failed to fetch http://deb.debian.org/debian/pool/main/p/pyjwt/pyjwt_2.10.1-2.dsc  File has unexpected size (24636 != 2390). Mirror sync in progress? [IP: 199.232.18.132 80]
>     Hashes of expected file:
>      - SHA256:18c7ac34d689629fef29f06a3de41a4c998c2a4ee42f9c36d7ebcaa12e051e8c
>      - Filesize:2390 [weak]
>      - MD5Sum:1dd7eb9413a1831538d87c7a1627d266 [weak]
> 
> ..., please also print all received HTTP headers (including values),
> for example (but not limited to) X-Served-By, X-Cache, X-Cache-Hits,
> Age, Via, Last-Modified, Content-Length, Date.

I am going to say no; because this is a significant detriment to
the user experience, and carries significant security concerns as
well. All the headers need to have unsafe characters removed, etc.

We have many many years ago implemented a hook system for mirror
failure reports that nobody actually started using, but that would
be the appropriate infrastructure to use.

We should rather go in the opposite direction: Error messages should
include actionable information for the user. Neither the hashes nor
the sizes are relevant in the error message, and we should not show
them; the correct error would be:

E: Failed to fetch http://deb.debian.org/debian/pool/main/p/pyjwt/pyjwt_2.10.1-2.dsc; mirror seems damaged.

That's all they need to know, and adding more information just confuses
them into wondering what _they_ should do about it.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en
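
The reply above notes that received headers would need unsafe characters removed before being shown. The following is an added example, not part of the original message and not APT code, of what that sanitization involves when server-controlled header fields are printed to a terminal or log; `SanitizeForDisplay`, `FormatHeaders` and the length limits are hypothetical names and values chosen for illustration.

```cpp
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Hypothetical helper, not an APT function: make one untrusted header field
// safe to print. Every byte outside printable ASCII becomes a visible \xNN
// escape, so ESC/CSI sequences, CR/LF and raw 8-bit bytes cannot reach the
// terminal or forge extra log lines.
std::string SanitizeForDisplay(const std::string &in, std::size_t maxLen = 120)
{
   std::string out;
   for (unsigned char c : in)
   {
      if (out.size() >= maxLen) { out += "[...]"; break; } // bound hostile input
      if (c == '\\')
         out += "\\\\"; // keep our own escapes unambiguous
      else if (c >= 0x20 && c < 0x7f)
         out += static_cast<char>(c);
      else
      {
         char buf[5];
         std::snprintf(buf, sizeof(buf), "\\x%02x", static_cast<unsigned>(c));
         out += buf;
      }
   }
   return out;
}

using Header = std::pair<std::string, std::string>;

// Render at most maxHeaders fields, one per line, names and values sanitized.
std::string FormatHeaders(const std::vector<Header> &headers, std::size_t maxHeaders = 32)
{
   std::string out;
   for (std::size_t i = 0; i < headers.size(); ++i)
   {
      if (i == maxHeaders) { out += "   [further headers omitted]\n"; break; }
      out += "   " + SanitizeForDisplay(headers[i].first, 40) + ": " +
             SanitizeForDisplay(headers[i].second) + "\n";
   }
   return out;
}

int main()
{
   // Constructed sample: a header value that tries to erase the line and forge an error.
   std::vector<Header> h{{"X-Cache", "HIT\x1b[2K\rE: forged line"}, {"Age", "17"}};
   std::fputs(FormatHeaders(h).c_str(), stdout);
}
```
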
