Document localhost vs 127.0.0.1 default proxy setting

Closes: #895908

2 files changed, 9 insertions, 2 deletions

diff --git a/README.md b/README.md
index 7683c7e..823c453 100644
--- a/README.md
+++ b/README.md
@@ -77,13 +77,20 @@ be configured for individual sources via sources.list options.
 By default, apt-transport-tor uses the following SOCKS proxy setting, which
 is the default location of a locally installed Tor instance:
 
-	Acquire::tor::proxy "socks5h://apt-transport-tor@localhost:9050";
+	Acquire::tor::proxy "socks5h://apt-transport-tor@127.0.0.1:9050";
 
 Note the use of a username to make use of the default IsolateSOCKSAuth Tor
 setting for stream isolation, which requires Tor 0.2.4.19 to work well.
 This means your apt traffic will be sent over a different circuit from your
 regular Tor traffic and for each host you connect to.
 
+Earlier apt versions (before 1.7) default to `localhost` instead of `127.0.0.1`.
+This can lead to SRV requests being sent to a DNS server – for most users that
+should be a local caching server, but for some it might be a more remote (and
+hence potentially hostile) server. This is something to be aware of in general
+if you are using a hostname in the configuration. On the upside this can give
+you all the flexibility provided via SRV.
+
 ### Disabling use of http(s) without Tor in APT
 
 APT >= 1.3 allows methods to be disabled without removing them from the system,
diff --git a/debian/control b/debian/control
index 5d88e05..7093a32 100644
--- a/debian/control
+++ b/debian/control
@@ -14,7 +14,7 @@ Package: apt-transport-tor
 Architecture: all
 Multi-Arch: foreign
 Depends: apt (>= 1.3~rc1), ${misc:Depends}
-Recommends: apt (>= 1.6~alpha6), tor
+Recommends: apt (>= 1.7~alpha1), tor
 Description: APT transport for anonymous package downloads via Tor
  Provides support in APT for downloading packages anonymously via the Tor
  network.