diff options
author | David Kalnischkies <david@kalnischkies.de> | 2018-01-22 14:15:18 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2018-01-22 14:15:18 +0100 |
commit | 2fd8655ca7da6ff31f73253986bab7bd311664c7 (patch) | |
tree | 3de215820e24bfa5715c1b8611e075d2480a8c5b | |
parent | bd13a64155a153823f2f5b74f0d41854e742332b (diff) |
add a paragraph about changelog download via Tor
-rw-r--r-- | README.md | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -78,6 +78,22 @@ via the following configuration options to fail for non-tor-http(s) sources: Dir::Bin::Methods::http "false"; Dir::Bin::Methods::https "false"; +### Downloading changelogs + +The locations of changelogs is independent of repository. The Release file can +and should include the URI changelogs can be found on, which tends to be an http +URI of a central service. + +You can override the value from the Release file to use Tor here as well, or if +you happen to know an onion address use this one instead. the following listing +gives three valid configurations for Debian where the first one is the default, +the second uses the default via Tor and the third uses an onion service address. + + Acquire::Changelogs::URI::Override::Origin::Debian "http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog"; + Acquire::Changelogs::URI::Override::Origin::Debian "tor+http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog"; + Acquire::Changelogs::URI::Override::Origin::Debian "tor+http://cmgvqnxjoiqthvrc.onion/changelogs/@CHANGEPATH@_changelog"; + + ## Caveats Downloading your Debian packages over Tor prevents an attacker who is |