On 2018-02-01 20:45, Philipp Kern wrote:
> On 01.02.2018 10:30, Ansgar Burchardt wrote:
> > Hmm, another issue comes to mind:
> > If we care about encrypted buildd uploads, the buildds should probably
> > also download from the (private) security-buildd archive over an
> > encrypted connection, ideally with client authentication. Otherwise
> > people could see the embargoed fixes in the source package.
> Well, I thought this was already the case at this point. I suppose it
> shouldn't be too hard to add https:// support at this point given that
> apt supports it natively. But I think client auth should be a weak
> requirement at this point.
Since a few hours ago the build daemons access the security archive over
https. This might not be the perfect solution, but it's already an
improvement compared to plain http:// and it was (relatively) easy to
do. It doesn't prevent looking for a better solution though.
Aurelien Jarno GPG: 4096R/1DDD8C9B