On Fri, 11 Feb 2000 [EMAIL PROTECTED] wrote: > I'd like to see scp as an apt install option. This could be useful at least > in the following setting:
This makes very little sense as something that should be implemented in APT. It makes *MUCH* more sense to implement an https method. In particular you could make https connections only for the index files and use the embedded MD5 checksums for the data connections - keeping load off the server. It works just as well as ssh, except that it is anonymous (or protected with http type ACLs). SSL has host keys so you can make sure your index is coming from the right place. Furthermore, it would be pretty easy to implement if someone were to decide to do it - but it would never be part of the APT proper package due to those pesky crypto regs. An apt-https-method package is concievable and would drop in seemlessly. Thus, this is not an APT bug, but a request for someone to write a new package :> I think it would be pretty easy to SSLize my HTTP method actually. > the correct download server _and_ it is verified that the package comes > through untampered with. No need to do MD5 verification after download. You do know APT md5 checks every file it downloads already? It computes the hash on the fly as the file goes to the disk. Jason
