Skip to content

Comments

https by default#198

Draft
lool wants to merge 3 commits intoqualcomm-linux:mainfrom
lool:https-by-default
Draft

https by default#198
lool wants to merge 3 commits intoqualcomm-linux:mainfrom
lool:https-by-default

Conversation

@lool
Copy link
Contributor

@lool lool commented Nov 14, 2025

Review http vs https usage in the project and use https where it makes sense.

  • fix!(debos): Use https for APT by default
  • fix(ci): Bootstrap chroots with https
  • feat(Makefile): Also set https_proxy

This is particularly important in the context of compliance as http:// might be seen as insecure, or at least lacking confidentiality.

lool added 3 commits November 14, 2025 13:51
@lool
fix!(debos): Use https for APT by default
af361ad 
Using http:// for APT repositories by default made sense for Debian and
debos years ago for client performance, server load and caching
friendliness, but it compromised privacy and can be seen under a bad
light when looking at it from a cybersecurity standpoint.

Change the default Debian mirror (deb.debian.org) from http to https.

Signed-off-by: Loïc Minier <loic.minier@oss.qualcomm.com>
@lool
fix(ci): Bootstrap chroots with https
f26c3a8 
Use https instead of http for the Debian mirror when creating build
chroots.

Signed-off-by: Loïc Minier <loic.minier@oss.qualcomm.com>
@lool
feat(Makefile): Also set https_proxy
8b58150 
This typically won't help for caching, but is symetric to http proxy
handling and can help with connectivity.

Signed-off-by: Loïc Minier <loic.minier@oss.qualcomm.com>
@basak-qcom
Copy link
Contributor

basak-qcom commented Nov 14, 2025

I'm OK with shipping sources.list with https, but can we continue to use plain http for development and testing please? Otherwise caching becomes impossible.

@basak-qcom
Copy link
Contributor

basak-qcom commented Nov 14, 2025

(which is going to slow down development iterations massively)

@github-actions
Copy link

github-actions bot commented Nov 14, 2025

Test Results

 2 files  ±0   6 suites  ±0   6m 50s ⏱️ ±0s
20 tests ±0  20 ✅ ±0  0 💤 ±0  0 ❌ ±0 
64 runs  ±0  64 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit 8b58150. ± Comparison against base commit 8c913de.

@github-actions
Copy link

github-actions bot commented Nov 14, 2025

Test jobs for commit 8b58150

@basak-qcom
Copy link
Contributor

basak-qcom commented Nov 14, 2025

I understand this will be more of a pain to implement whatever we do. The best I can think of is to parameterise whether we want http or https, perhaps default to https for safety, allow the developer to override for local builds, and maybe add some tests to ensure that there are no plain http:// in sources.list at the end.

@lool
Copy link
Contributor Author

lool commented Feb 6, 2026

After feedback from upstream, I'm not sure I'll pursue this branch, but I should at least move it to draft.

@lool lool marked this pull request as draft February 6, 2026 21:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lool @basak-qcom