author | David Kalnischkies <david@kalnischkies.de> | 2017-07-26 19:09:59 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2017-07-26 19:09:59 +0200 |
commit | 2920e9428e26004f90a1f1ea86f07850b2204f85 (patch) | |
tree | 601b38dc82e987ad0ed141caa31b480e6f6fb4ca /doc/sources.list.5.xml | |
parent | f2f8e89f08cdf01c83a0b8ab053c65329d85ca90 (diff) | |
parent | 8580574ec63fedd39a3ab3b9f0025e08eae5f620 (diff) |
Merge branch 'feature/authconf'
Diffstat (limited to 'doc/sources.list.5.xml')
-rw-r--r-- | doc/sources.list.5.xml | 61 |
1 files changed, 43 insertions, 18 deletions
diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml index dd057eb32..c4df9aa58 100644 --- a/doc/sources.list.5.xml +++ b/doc/sources.list.5.xml 
@@ -350,6 +350,40 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [. <para>The currently recognized URI types are: <variablelist> + <varlistentry><term><command>http</command></term> + <listitem><para> + The http scheme specifies an HTTP server for an archive and is the most + commonly used method, with many options in the + <literal>Acquire::http</literal> scope detailed in &apt-conf;. The URI can + directly include login information if the archive requires it, but the use + of &apt-authconf; should be preferred. The method also supports SOCKS5 and + HTTP(S) proxies either configured via apt-specific configuration or + specified by the environment variable <envar>http_proxy</envar> in the + format (assuming an HTTP proxy requiring authentication) + <replaceable>http://user:pass@server:port/</replaceable>. + The authentication details for proxies can also be supplied via + &apt-authconf;.</para> + <para>Note that these forms of authentication are insecure as the whole + communication with the remote server (or proxy) is not encrypted so a + sufficiently capable attacker can observe and record login as well as all + other interactions. The attacker can <emphasis>not</emphasis> modify the + communication through as APTs data security model is independent of the + chosen transport method. See &apt-secure; for details.</para></listitem> + </varlistentry> + + <varlistentry><term><command>https</command></term> + <listitem><para> + The https scheme specifies an HTTPS server for an archive and is very + similar in use and available options to the http scheme. The main + difference is that the communication between apt and server (or proxy) is + encrypted. Note that the encryption does not prevent an attacker from + knowing which server (or proxy) apt is communicating with and deeper + analyses can potentially still reveal which data was downloaded. 
If this is + a concern the Tor-based schemes mentioned further below might be a suitable + alternative.</para></listitem> + </varlistentry> + + <varlistentry><term><command>file</command></term> <listitem><para> The file scheme allows an arbitrary directory in the file system to be 
@@ -359,27 +393,19 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [. <varlistentry><term><command>cdrom</command></term> <listitem><para> - The cdrom scheme allows APT to use a local CD-ROM drive with media + The cdrom scheme allows APT to use a local CD-ROM, DVD or USB drive with media swapping. Use the &apt-cdrom; program to create cdrom entries in the source list.</para></listitem> </varlistentry> - <varlistentry><term><command>http</command></term> - <listitem><para> - The http scheme specifies an HTTP server for the archive. If an environment - variable <envar>http_proxy</envar> is set with the format - http://server:port/, the proxy server specified in - <envar>http_proxy</envar> will be used. Users of authenticated - HTTP/1.1 proxies may use a string of the format - http://user:pass@server:port/. - Note that this is an insecure method of authentication.</para></listitem> - </varlistentry> - <varlistentry><term><command>ftp</command></term> <listitem><para> - The ftp scheme specifies an FTP server for the archive. APT's FTP behavior - is highly configurable; for more information see the - &apt-conf; manual page. Please note that an FTP proxy can be specified + The ftp scheme specifies an FTP server for an archive. Use of FTP is on the + decline in favour of <literal>http</literal> and <literal>https</literal> + and many archives either never offered or are retiring FTP access. If you + still need this method many configuration options for it are available in + the <literal>Acquire::ftp</literal> scope and detailed in &apt-conf;.</para> + <para>Please note that an FTP proxy can be specified by using the <envar>ftp_proxy</envar> environment variable. It is possible to specify an HTTP proxy (HTTP proxy servers often understand FTP URLs) using this environment variable and <emphasis>only</emphasis> this 
@@ -407,9 +433,8 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [. <listitem><para> APT can be extended with more methods shipped in other optional packages, which should follow the naming scheme <package>apt-transport-<replaceable>method</replaceable></package>. - For instance, the APT team also maintains the package <package>apt-transport-https</package>, - which provides access methods for HTTPS URIs with features similar to the http method. - Methods for using e.g. debtorrent are also available - see &apt-transport-debtorrent;. + For instance, the APT team also maintains the package <package>apt-transport-tor</package>, + which provides access methods for HTTP and HTTPS URIs routed via the Tor network. </para></listitem> </varlistentry> </variablelist> |
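Review bot: In the first hunk (@@ -350,6 +350,40 @@), the second paragraph of the new http entry says the attacker "can not modify the communication", which overstates what the following clause supports: on an unencrypted connection the traffic can be altered in transit, and what a transport-independent data security model provides is that altered archive data fails verification. Suggest wording such as "Modifications of the downloaded data are detected, as APT's data security model is independent of the chosen transport method", which also fixes "through" (for "though") and "APTs" (for "APT's") in the same sentence. Since the entry already prefers &apt-authconf; over login information in the URI, it could state the same preference more directly for the http_proxy form with user:pass, which keeps the password in the process environment.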
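Review bot: In the second hunk (@@ -359,27 +393,19 @@), the rewritten ftp entry has no counterpart to the caveat the new http entry carries about unencrypted authentication, although FTP logins cross the network in the clear just the same, and the old http entry's "insecure method of authentication" sentence is removed here. Suggest adding one sentence to the ftp entry that mirrors the http note and points to &apt-secure;. Minor: "If you still need this method many configuration options" wants a comma after "method".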
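Review bot: In the last hunk (@@ -407,9 +433,8 @@), the replacement text names the package apt-transport-tor but not the URI schemes it provides, while the new https entry directs readers to "the Tor-based schemes mentioned further below", so that cross-reference currently lands on a package name only. Suggest listing the scheme names in this entry. The hunk also removes the sentence saying HTTPS access comes from apt-transport-https, and nothing in the visible text says whether that package is still needed for the new https entry; a short statement either way would help readers coming from the old wording.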