Hacker News new | past | comments | ask | show | jobs | submit login

TL;DR

> providing a huge worldwide mirror network available over SSL is [...] a complicated engineering task

> A switch to HTTPS would also mean you could not take advantage of local proxy servers




My local Debian mirrors support HTTPS, and I assume other mirror sites worth their salt do too. Easy enough for Debian to redirect to your local mirror.


The local apt-cacher-ng instance I run in my office network cannot be redirected to by Debian, because cannot be aware of it. The apt client will need to build support for local proxies.

As it stands right now, apt-cacher-ng cannot work with https sources.


Fedora handles this use case beautifully with MirrorManager, which includes the EPEL repos as well. All of the logic is server side, when a yum/dnf client connects to the Metalink server to fetch a mirror list from our IP block it gets sent our internal mirror - I wish more distros had similar setups.


So, the public metalink server is aware of your internal mirror?


Yes, the mirror is configured as private and is only served to machines in my IP range - since it’s on the internal network it does nobody else good to have access.


So every private mirror has to be registered with a central upstream. That sounds unpalatable.


It doesn’t HAVE to be, I can manually edit my yum configs and specify the mirror - but using MM and Metalink means it automatically gets used.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: