HTTPS -> HTTP redirects of /DEBIAN-SECURITY/ are actually valid. ๐ผ
But I currently mark them as WARNING.
There might be other similar things.
reported=2020-03-10 00:17:24
reporter=onefang
priority=high
category=Bug
severity=major
resolution=open
2020-03-10 00:34:40 onefang: Also I should rethink this a bit. ย Normally a redirection that changes the scheme would be legal, that's why people redirect to HTTPS in the first place.
HTTP -> HTTPS on DNS-RR and for people with no apt-transport-https is ERROR.
HTTPS -> HTTP for things where no HTTPS is allowed per Debian / Devuan policy is good, like DNS-RR.
I'll have to read up on Debian mirror policy.