Deprecation of apt-transport-https

[Julian Andres Klode]

Hi everyone,

APT is currently migrating from apt-transport-https to the "http"
method, which learned TLS in the past half week. 1.5~alpha1 is in
artful-proposed right now (but held back by an unrelated pep8 nonsense
in unattended-upgrade), and 1.5~alpha4 that fixes all known issues
will appear later today or tomorrow.

apt-transport-https will still be around for some time, but it won't
install an acquire method for "https" urls, but for "curl+http" and
"curl+https" (and you can set Dir::Bin::Methods::https to "curl" to
forcefully re-enable it for normal https URLs).

I'm thinking about dropping the package in early August, which is after
the opt-in Alpha 2 builds, and with still plenty of time left until
the beta release. We can consider keeping it around for the release
and only drop it afterwards, though, in case we want to have a work
around for some users if something is broken.

Other changes:

  [ Changes to unauthenticated repositories ]
  The security exception for apt-get to only raise warnings if it encounters
  unauthenticated repositories in the "update" command is gone now, so that it
  will raise errors just like apt and all other apt-based front-ends do since
  at least apt version 1.3.

  It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
  behaviour of apt-get by setting the option
    Binary::apt-get::Acquire::AllowInsecureRepositories "true";
  See apt-secure(8) manpage for configuration details.

  [ Release Info Changes ]
  If values like Origin, Label, and Codename change in a Release file,
  update fails, or asks a user (if interactive). Various
  --allow-releaseinfo-change are provided for non-interactive use.

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
                  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.