On Wed, May 19, 2010 at 10:42:55AM +0200, Bjørn Mork wrote: > 2) http proxy servers cannot always process pipelined requests due to > the complexity this adds (complexity is always bad for security), and
This is bullshit. It's *VERY* easy to "support" pipelining: parse one request at a time, and until you're done with a given request, you just stop to watch the socket/file-descriptor for reading (IOW you let the consecutive request live in the kernel buffers). Such an implementation of course doesn't benefit from the pipelining wins, but it works just fine. In addition to that, multiplying the tcp connections means more file descriptors to be used at the http-server side, which is way inferior to pipelining. If squid fails when apt uses pipelining then squid is to be fixed. I'd say that mentioning in the README.Debian of apt that disabling the pipelining may help is fine, but disabling it by default is wrong. Pipelining is defined in the RFC since the nineties ffs... -- ·O· Pierre Habouzit ··O madco...@debian.org OOO http://www.madism.org -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100519124134.gc20...@madism.org