On 2018-02-01 20:45, Philipp Kern wrote:
> On 01.02.2018 10:30, Ansgar Burchardt wrote:
> > Hmm, another issue comes to mind:
> >
> > If we care about encrypted buildd uploads, the buildds should probably
> > also download from the (private) security-buildd archive over an
> > encrypted connection, ideally with client authentication. Otherwise
> > people could see the embargoed fixes in the source package.
>
> Well, I thought this was already the case at this point. I suppose it
> shouldn't be too hard to add https:// support at this point given that
> apt supports it natively. But I think client auth should be a weak
> requirement at this point.

Since a few hours ago the build daemons access the security archive in
https. This might not be the perfect solution, but it's already an
improvement compared to plain http:// and it was (relatively) easy to do.
It doesn't prevent looking for a better solution though.

Aurelien

-- 
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net