Hi,
it looks like the http.debian.net redirector looks mature enough to be
worth considering using it as the default APT repository in Tails
images. It supports the main archive, as well as backports.
Rationale:
* constantly use an APT mirror that's close from the exit node being
used
* use the same mirror at build- and run- time
* use a close mirror at build time
* that's now the default in live-build 3.x
Description:
The redirector uses the geo and network location of the user and
the mirrors, the architecture of the requested files, IP address
family, the availability and freshness of the mirrors, and a few
other things. It is constantly improved.
Details:
http://http.debian.net/
I'm starting to use it as a backend for my own apt-cacher-ng:
# cat
http://http.debian.net/debian/ > /etc/apt-cacher-ng/backends_debian
I encourage you to do the same, and report back any issues.
Security/anonymity -wise, we should check how the mirror selection and
redirection works, and verify if it can be used to track a given Tails
user across circuit changes (in a worse way than the current setup,
I mean) or other such issues. Perhaps we'll just quickly realize it's
not worth the effort. We'll see.
(Meta: I intend to handle this as a funny, low-priority project,
no deadline involved, but feel free create a ticket if you see it
important enough to be tracked as part of our agenda, and want to
bring it to a quick resolution / is not forgotten / whatever.)
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc