• Joey Hess's avatar
    default to https mirror for Debian when no gpg verification is available · e6380aad
    Joey Hess authored
    When deboostrapping Debian, and the debian-archive-keyring is not
    available, switch the default mirror to a https url. This way at least the
    CA level of security is available even for users who have no way to check
    gpg keys in the WoT. The https mirror is currently
    https://mirrors.kernel.org/debian.
    
    When the keyring is available, the default mirror remains non-https,
    for several reasons:
    
    a) to avoid overloading mirrors.kernel.org
    b) because http.us.debian.org lacks https support
    c) because mirrors.kernel.org is not currently in the
       http.us.debian.org rotation
    d) because mirrors.kernel.org lacks IPv6 support
    e6380aad
debootstrap 18.4 KB