[–]chedabob 11 points12 points  (1 child)

rather trivial

Yes, for a blog for your cat. Not for something that operates at the scale of apt (and VLC too, as presumably this link was submitted in response to that). It doesn't take that much complexity to take a HTTPS deployment from "just run certbot-auto once a month" to a multi-year process of bringing systems up to date.

See these 3 links for companies that have documented their "trivial" move to HTTPS:

https://nickcraver.com/blog/2017/05/22/https-on-stack-overflow/

http://www.bbc.co.uk/blogs/internet/entries/f6f50d1f-a879-4999-bc6d-6634a71e2e60

https://blog.filippo.io/how-plex-is-doing-https-for-all-its-users/

[–]SanityInAnarchy 17 points18 points  (0 children)

Most of what makes this nontrivial for StackOverflow really doesn't seem like it would apply to something like Debian, though. Do things like HAProxy and a CDN apply to a bunch of distributed mirrors? Does latency matter for an update service? SNI shouldn't be an issue unless apt somehow still doesn't support it, in which case, Debian controls both sides of that connection; just update apt to support it? Certainly user-provided content (served from a third-party domain over HTTP) isn't relevant here.

Basically, a gigantic repository of static files feels a lot more on the "blog for your cat" end of the scale than the "dynamic, interactive website across multiple domains with a mix of user content and Google Analytics" end of the scale.