On Sun, 2010-04-04 at 12:27 +0200, Petter Reinholdtsen wrote:
> [Robert Collins]
> > Wearing my squid upstream hat: please file bugs if squid is
> > misbehaving. Squid is used in many high volume high load web sites,
> > so if there are reliability bugs we really really want to know about
> > them.
> If you really plan to fix apt and squid related problems, it would be
> nice if #565555 was fixed.
HTTP pipelining is broken; don't use it. (Its now considered
fundamentally insecure - see the HTTP Smuggling whitepaper for all the
gory details). We're unlikely to ever invest a lot of time in it:
browsers are now going for many parallel TCP connections, and the HTTP
working group is blessing more connections as good practice. (This is vs
That said, squid handing back a truncated response is definitely a bug,
if it is indeed squid causing that (the bug doesn't have enough data to
tell - a tcpdump of a broken session would help, I suspect).
> Also, the default setup for Squid do not allow it to proxy all
> packages in the archive (the maximum_object_size is too small). In
> Debian Edu, we increased it from 20480 KB to 153600 KB, to allow the
> openartwork and fluid-soundfound packages to be proxied. In Debian
> Edu, PXE installation is set up out of the box, and to use it for
> several machines it is vital to proxy also the big packages.
Michael has created a squid-deb-proxy in Ubuntu, which should be pretty
trivial to include in Debian, that configures squid appropriately for
apt; and advertises it over avahi; squid-deb-proxy-client teaches apt to
use a zeroconf configured proxy.