On Mon, 24 Mar 2025 04:39:58 -0600 Antonio Russo <[email protected]>
wrote:
> Control: tag -1 wishlist
> 
> Hello,

Hi! Thank you for your work on Debian.

> One primary purpose of SSL is to prevent MITM attacks on communication between
> client and server.  What apt-cacher-ng does is precisely equivalent to that, so
> it's properly impossible to fix this "bug".

I'd agree with your point if the apt-cacher-ng documentation said:

"Due to the nature of the SSL/TLS/HTTPS protocols, apt-cacher-ng
does not support SSL/TLS remotes."

But what it actually says is:

"... there are three (and a half) methods to use SSL. ... The
"laissez-faire method": in acng.conf (or related) configure the
PassThroughPattern option to contain a regex like .* and configure the
clients to use apt-cacher-ng as HTTP proxy and let the clients connect
to https URLs "as usual"."

https://www.unix-ag.uni-kl.de/~bloch/acng/html/howtos.html#ssluse

So insofar as this method (sometimes) does not work and throws an error,
this is a bug.

> The solution is to not use SSL: the gpg-signed release files will indeed verify
> the authenticity of the downloaded packages, and the expiration dates will
> confirm that the packages downloaded are not (too) out of date.

This solution is not available to me - I'm just a user, and I don't
control the repositories in question.

-- 
Celejar
