Hi all,

gajim.org main website has adequate TLS support, hence the source tarball is 
trustworthy/secured against in-transport modification. However, the 
debian/ubuntu repo and other things hosted at ftp.gajim.org are not:

* https://ftp.gajim.org serves a *.leboulanger.org CACert Cert, directory  
listing empty, no debian repo at https://ftp.gajim.org/debian
* ftpes://ftp.gajim.org serves an
* ftp://ftp.gajim.org is unsecured ftp, obviously

I'd encourage you to also serve https://ftp.gajim.org/debian and link the 
gajim-dev-keyring.deb directly on
https://gajim.org/downloads.php?lang=en#debian Also switch ftp.gajim.org to 
letsencrypt as you did with the main site.

I tried to post this as enhancement on trac.gajim.org, but got rejected as 
spam, due to Bayes filter and http in body.

best regards,


Attachment: signature.asc
Description: OpenPGP digital signature

Gajim-devel mailing list

Reply via email to