summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2018-01-22 14:15:18 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2018-01-22 14:15:18 +0100
commit2fd8655ca7da6ff31f73253986bab7bd311664c7 (patch)
tree3de215820e24bfa5715c1b8611e075d2480a8c5b
parentbd13a64155a153823f2f5b74f0d41854e742332b (diff)
add a paragraph about changelog download via Tor
-rw-r--r--README.md16
1 files changed, 16 insertions, 0 deletions
diff --git a/README.md b/README.md
index c03d7a2..ed3ff6b 100644
--- a/README.md
+++ b/README.md
@@ -78,6 +78,22 @@ via the following configuration options to fail for non-tor-http(s) sources:
Dir::Bin::Methods::http "false";
Dir::Bin::Methods::https "false";
+### Downloading changelogs
+
+The locations of changelogs is independent of repository. The Release file can
+and should include the URI changelogs can be found on, which tends to be an http
+URI of a central service.
+
+You can override the value from the Release file to use Tor here as well, or if
+you happen to know an onion address use this one instead. the following listing
+gives three valid configurations for Debian where the first one is the default,
+the second uses the default via Tor and the third uses an onion service address.
+
+ Acquire::Changelogs::URI::Override::Origin::Debian "http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog";
+ Acquire::Changelogs::URI::Override::Origin::Debian "tor+http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog";
+ Acquire::Changelogs::URI::Override::Origin::Debian "tor+http://cmgvqnxjoiqthvrc.onion/changelogs/@CHANGEPATH@_changelog";
+
+
## Caveats
Downloading your Debian packages over Tor prevents an attacker who is