[manjaro-mirrors] Requiring HTTPS for repo mirrors

Jonathon Fernyhough jonathon at manjaro.org
Fri Mar 31 09:29:17 CEST 2017

How many people set up an HTTP caching proxy that caches files larger
than 5 or 10MB?

Why are people using an HTTP cache instead of running an internal mirror
(or even just copying packages from one machine to a networked file store)?

What benefits of HTTPS would outweigh HTTP caching?

On 31/03/17 03:04, Dietrich Daroch wrote:
> HTTPS kills all the caching on the internet infrastructure for not too
> much. It does makes sense to gather the signatures through HTTPS though.
> On Thu, Mar 30, 2017 at 5:28 AM, Jonathon Fernyhough
> <jonathon at manjaro.org <mailto:jonathon at manjaro.org>> wrote:
>     Multiple mirrors (16?) now provide access via HTTPS.
>     Is it time to make HTTPS a requirement for mirrors?
>     I say yes. :)
>     J
>     (cross-posted to manjaro-dev, manjaro-mirrors)

More information about the manjaro-mirrors mailing list