author David Kalnischkies <david@kalnischkies.de> 2017-07-26 19:09:59 +0200
committer David Kalnischkies <david@kalnischkies.de> 2017-07-26 19:09:59 +0200
commit 2920e9428e26004f90a1f1ea86f07850b2204f85
tree 601b38dc82e987ad0ed141caa31b480e6f6fb4ca /doc/sources.list.5.xml
parent f2f8e89f08cdf01c83a0b8ab053c65329d85ca90
parent 8580574ec63fedd39a3ab3b9f0025e08eae5f620
Merge branch 'feature/authconf'
Diffstat (limited to 'doc/sources.list.5.xml')
-rw-r--r-- doc/sources.list.5.xml 61
1 files changed, 43 insertions, 18 deletions
diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml
index dd057eb32..c4df9aa58 100644
--- a/doc/sources.list.5.xml
+++ b/doc/sources.list.5.xml
@@ -350,6 +350,40 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
<para>The currently recognized URI types are:
<variablelist>
+ <varlistentry><term><command>http</command></term>
+ <listitem><para>
+ The http scheme specifies an HTTP server for an archive and is the most
+ commonly used method, with many options in the
+ <literal>Acquire::http</literal> scope detailed in &apt-conf;. The URI can
+ directly include login information if the archive requires it, but the use
+ of &apt-authconf; should be preferred. The method also supports SOCKS5 and
+ HTTP(S) proxies either configured via apt-specific configuration or
+ specified by the environment variable <envar>http_proxy</envar> in the
+ format (assuming an HTTP proxy requiring authentication)
+ <replaceable>http://user:pass@server:port/</replaceable>.
+ The authentication details for proxies can also be supplied via
+ &apt-authconf;.</para>
+ <para>Note that these forms of authentication are insecure as the whole
+ communication with the remote server (or proxy) is not encrypted so a
+ sufficiently capable attacker can observe and record login as well as all
+ other interactions. The attacker can <emphasis>not</emphasis> modify the
+ communication through as APTs data security model is independent of the
+ chosen transport method. See &apt-secure; for details.</para></listitem>
+ </varlistentry>
+
+ <varlistentry><term><command>https</command></term>
+ <listitem><para>
+ The https scheme specifies an HTTPS server for an archive and is very
+ similar in use and available options to the http scheme. The main
+ difference is that the communication between apt and server (or proxy) is
+ encrypted. Note that the encryption does not prevent an attacker from
+ knowing which server (or proxy) apt is communicating with and deeper
+ analyses can potentially still reveal which data was downloaded. If this is
+ a concern the Tor-based schemes mentioned further below might be a suitable
+ alternative.</para></listitem>
+ </varlistentry>
+
+
<varlistentry><term><command>file</command></term>
<listitem><para>
The file scheme allows an arbitrary directory in the file system to be
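Review bot: In the second <para> of the new http entry, "modify the communication through as APTs data security model" has two typos and should read "though, as APT's data security model"; as written, the sentence that tells readers an observer cannot tamper with the data is the hardest one in the entry to parse. The first <para> also says the method supports "SOCKS5 and HTTP(S) proxies" but gives a format only for an authenticated HTTP proxy in http_proxy, so a short pointer to where the other proxy types are configured would help. Finally, two blank lines are added after the https entry where one is enough.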
@@ -359,27 +393,19 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
<varlistentry><term><command>cdrom</command></term>
<listitem><para>
- The cdrom scheme allows APT to use a local CD-ROM drive with media
+ The cdrom scheme allows APT to use a local CD-ROM, DVD or USB drive with media
swapping. Use the &apt-cdrom; program to create cdrom entries in the
source list.</para></listitem>
</varlistentry>
- <varlistentry><term><command>http</command></term>
- <listitem><para>
- The http scheme specifies an HTTP server for the archive. If an environment
- variable <envar>http_proxy</envar> is set with the format
- http://server:port/, the proxy server specified in
- <envar>http_proxy</envar> will be used. Users of authenticated
- HTTP/1.1 proxies may use a string of the format
- http://user:pass@server:port/.
- Note that this is an insecure method of authentication.</para></listitem>
- </varlistentry>
-
<varlistentry><term><command>ftp</command></term>
<listitem><para>
- The ftp scheme specifies an FTP server for the archive. APT's FTP behavior
- is highly configurable; for more information see the
- &apt-conf; manual page. Please note that an FTP proxy can be specified
+ The ftp scheme specifies an FTP server for an archive. Use of FTP is on the
+ decline in favour of <literal>http</literal> and <literal>https</literal>
+ and many archives either never offered or are retiring FTP access. If you
+ still need this method many configuration options for it are available in
+ the <literal>Acquire::ftp</literal> scope and detailed in &apt-conf;.</para>
+ <para>Please note that an FTP proxy can be specified
by using the <envar>ftp_proxy</envar> environment variable. It is possible
to specify an HTTP proxy (HTTP proxy servers often understand FTP URLs)
using this environment variable and <emphasis>only</emphasis> this
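Review bot: The rewritten ftp paragraph steers readers towards http and https but, in the lines visible here, carries no equivalent of the note just added to the http entry that logins and all other traffic are observable on an unencrypted transport; FTP deserves the same sentence, or a reference back to that note and to &apt-secure;. Smaller points: "If you still need this method many configuration options" wants a comma after "method", and the new cdrom line ("local CD-ROM, DVD or USB drive with media") runs past the wrap width of the surrounding text and should be re-wrapped.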
@@ -407,9 +433,8 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
<listitem><para>
APT can be extended with more methods shipped in other optional packages, which should
follow the naming scheme <package>apt-transport-<replaceable>method</replaceable></package>.
- For instance, the APT team also maintains the package <package>apt-transport-https</package>,
- which provides access methods for HTTPS URIs with features similar to the http method.
- Methods for using e.g. debtorrent are also available - see &apt-transport-debtorrent;.
+ For instance, the APT team also maintains the package <package>apt-transport-tor</package>,
+ which provides access methods for HTTP and HTTPS URIs routed via the Tor network.
</para></listitem>
</varlistentry>
</variablelist>
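Review bot: The new https entry tells readers concerned about traffic analysis to see "the Tor-based schemes mentioned further below", but the replacement sentence here names only the package apt-transport-tor and never states the URI scheme names it provides, so the cross-reference lands on text that does not say what to write in sources.list. Suggest listing the scheme names explicitly in this paragraph. Since the &apt-transport-debtorrent; reference is dropped, also check whether that entity definition is still used anywhere else and remove it if not.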