author David Kalnischkies <david@kalnischkies.de> 2016-08-26 14:34:37 +0200
committer David Kalnischkies <david@kalnischkies.de> 2016-10-01 18:04:07 +0200
commit 134d2aa2940338f7cd19e17fefd6a0a41911f10c (patch)
tree 019a6b3ed605be0d86ad32b39f327b465d65c5dd
parent 4fd28571663f5116f3efdc864ae3439aec21560f (diff)
mention how to disable non-tor sources in apt
-rw-r--r-- README.md 24
1 files changed, 14 insertions, 10 deletions
diff --git a/README.md b/README.md
index 9380be4..ca7edc0 100644
--- a/README.md
+++ b/README.md
@@ -51,22 +51,26 @@ available as an onion service.
## Configuration
-Most users should not need to adjust SOCKS settings.
+### Using a different Tor instance
By default, apt-transport-tor uses the following SOCKS proxy setting, which
-matches the default Tor SOCKS port:
+is the default location of a locally installed Tor instance:
- socks5h://apt-transport-tor@localhost:9050
+ Acquire::tor::proxy "socks5h://apt-transport-tor@localhost:9050";
-If you want to use a different port, you can edit the Acquire::tor::proxy
-apt preference:
+Note the use of a username to make use of the default IsolateSOCKSAuth Tor
+setting for stream isolation, which requires Tor 0.2.4.19 to work well.
+This means your apt traffic will be sent over a different circuit from your
+regular Tor traffic and for each host you connect to.
- Acquire::tor::proxy "socks5h://apt-transport-tor@localhost:9050";
+### Disabling use of http(s) without Tor in APT
-Note the use of a username to make use of the default IsolateSOCKSAuth Tor
-setting for stream isolation, which requires bug fixes from Tor 0.2.4.19 to
-work well. This means your apt traffic will be sent over a different circuit
-from your regular Tor traffic for each host you connect to.
+APT >= 1.3 allows methods to be disabled without removing them from the system,
+so to avoid mistakenly adding new sources without using tor you can tell apt
+via the following configuration options to fail for non-tor-http(s) sources:
+
+ Dir::Bin::Methods::http "false";
+ Dir::Bin::Methods::https "false";
## Caveats
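Review bot: Under "### Using a different Tor instance" the body now only shows the default Acquire::tor::proxy value. The removed sentence "If you want to use a different port, you can edit the Acquire::tor::proxy apt preference" was the only place telling the reader that this is the setting to override, so the new heading promises instructions the text no longer gives. Suggest keeping one sentence that says to set Acquire::tor::proxy in the apt configuration to point at another host or port. In the same paragraph, "requires Tor 0.2.4.19" reads as an exact version; "Tor >= 0.2.4.19" would match the "APT >= 1.3" wording used in the next section, and "a different circuit from your regular Tor traffic and for each host you connect to" would read better as two clauses. In "### Disabling use of http(s) without Tor in APT", please say explicitly whether tor+http(s) sources are unaffected by setting Dir::Bin::Methods::http and Dir::Bin::Methods::https to "false", and note that only these two method names are covered, so any other non-tor method stays enabled.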