[Please CC; lists.debian.org appears to be slow in processing my subscription request.]
Progeny is interested in doing some things with apt archives that aren't really possible with apt in its present state. Specifically, we're looking into integrating our repositories with a Web authentication system we're using (pubcookie) that does its magic with redirects and cookies. This requires a few things of the http method in apt: - SSL support - Cookie support - Redirect support - Authentication support We've looked at the apt-https work, and it looks to be mostly right up our alley. However, we're only interested in encrypting the authentication request; the rest can happen unencrypted, using redirects to accomplish this. For this reason, we've hacked apt-https slightly to integrate the SSL support into the http method, and made https a symlink to http (similar to how bzip/gzip and rsh/ssh work). It builds, but is untested at this point. We can send on a patch if you're interested; this would be against CVS as of Thursday or so. The other three extensions we're planning to write. Cookie and redirect support don't seem terribly difficult. Authentication, I understand, is already supported by embedding the username and password into the sources.list URL; we think, however, that there will be a need for interactive authentication. Our current thinking on implementing this involves using optional callbacks for registering interactive auth support, making the apt frontend responsible for supporting and implementing the callbacks. This way, current clients would still work as they do now, and future clients could be enhanced to support this if there were a need. We'd also like the auth extension to be applicable to other apt methods besides http. If these are welcome modifications to the current apt and apt-https work, then we'd like to see them integrated in. So, I'm interested in your feedback. How would you prefer to see these implemented? Which parts do you object to, and why? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
