Re: libdvdcss in RPM Fusion ?
On 06.09.2016 12:28, Xavier Bachelot wrote: > > If mirroring libdvdcss is still a concern, we may want to ship libdvdcss > in a dedicated repo so mirrors can exclude it easily. > If that is not enough, we might do as Fedora does for openh264, that is > use the RPM Fusion infra for the SCM and building the package, but > upload it to another host. Given Pix mail from this morning, I guess it > could be where Livna was hosted. I wonder if in this case it might make most sense to just continue to use the established rpm.livna.org brand for stuff that is to hot even for RPM Fusion. People with upload access and signing keys are reading this list afaik. Guess that's why livna seems to have gotten fresh packages and support for current Fedora releases recently. Cu, knurd
Re: 7 leftovers
2016-09-22 21:09 GMT+02:00 Sérgio Basto: > 1. Skipped > 2. Fixed (more or less) > 3. Fixed > 4. Fixed Bugzilla have one "Let's Encrypt" certificate , now we can > update wiki and remove "You should install CACert root certificate to > successfully validate bugzilla's certificate. " from > http://rpmfusion.org/ReportingBugs Please anyone ask Xavier for wiki password, the one I have doesn't work and I'm currently travelling until monday. > 5. Not fixed, python-vlc, need / may I updated ? please fix python-vlc if you have something. Thx -- - Nicolas (kwizart)
Re: SSL on download1.rpmfusion.org
2016-09-23 11:40 GMT+02:00 Nikos Roussos: >> Warren ( i guess some of you knows him ) pointed to me that the repo rpm >> file was downloaded from a http server, not a https one, and well he has >> a point. So i'm gonna make a cert on https://letsencrypt.org/ and setup >> the https vhost for download1.rpmfusion.org. > > It would probably a good idea to include rpmfusion.org on this cert and > server the whole website over https. letsencrypt doesn't provide wildcard, and that will be a different server (so a different cert). But basically yes, the plan is to migrate to letsencrypt everywhere. so remaining services are fas and the wiki (rpmfusion.org) and will be done once thoses services will be migrated to the new infra. (admin pkgs and bugzilla are already migrated). thx -- - Nicolas (kwizart)
Re: SSL on download1.rpmfusion.org
Hi, Personally I dislike to enforce https everywhere in repo, but that's something we should open a bug and discuss. (mainly because proxy cache is only possible over http) The way packages are verified is by gpg keys, then either we gpg-sign the repo (fedora doesn't do that) or we transfert mirrors list over https (mirrorlist doesn't need proxy cache). The later is still needed if we want to enforce strict security. Then about moving https, there is two problems: - Several fedora based application behave very badly when their request is not directly answeared (aka server received a 302 instead of url rewriting of the original request) - some system will break, specially on bootstrap if the time isn't accurate while accessing the repos. (ntp generally occurs in later step). - we can't use proxy cache over https, right now this is used internally in the infra to speed up the buildroot creation, so this is broken right now. So by the end, I think using https is a good thing, thank for moving to that, but I'm against enforcing https on the repo. Looking at the way it's done for dl.fedoraproject.org, you can either access over http and https at the user choice, so I prefer using the same. Anyone (with appropriate previlege) to update the wiki so rpmfusion-*release package are transferedd over https ? Thx 2016-09-23 11:26 GMT+02:00 Gaël STEPHAN: > Hm ok by the time the email came to the ML, the ssl version of download1 > is working :) > And Warren sent me another remark: > > additionally, the rpmfusion GPG keys should be uploaded to the > key servers, with a few well known developers signing them > that way they're part of the Web of Trust strong set > right now there's no way to easily verify that the key the > website told you to use is the right one > > This one i can't do anything about, i think > > > > Le 23/09/2016 à 11:03, Gaël STEPHAN a écrit : >> Guys, >> >> Warren ( i guess some of you knows him ) pointed to me that the repo rpm >> file was downloaded from a http server, not a https one, and well he has >> a point. So i'm gonna make a cert on https://letsencrypt.org/ and setup >> the https vhost for download1.rpmfusion.org. >> >> I'll let you know when it's ok, so you can change the download link, and >> maybe setup a rewrite so all http links become https ones. >> >> If you have any concern or problem with this, please let me know! >> >> Pix >> -- - Nicolas (kwizart)
Re: SSL on download1.rpmfusion.org
> Warren ( i guess some of you knows him ) pointed to me that the repo rpm > file was downloaded from a http server, not a https one, and well he has > a point. So i'm gonna make a cert on https://letsencrypt.org/ and setup > the https vhost for download1.rpmfusion.org. It would probably a good idea to include rpmfusion.org on this cert and server the whole website over https.
Re: SSL on download1.rpmfusion.org
Hm ok by the time the email came to the ML, the ssl version of download1 is working :) And Warren sent me another remark: additionally, the rpmfusion GPG keys should be uploaded to the key servers, with a few well known developers signing them that way they're part of the Web of Trust strong set right now there's no way to easily verify that the key the website told you to use is the right one This one i can't do anything about, i think Le 23/09/2016 à 11:03, Gaël STEPHAN a écrit : > Guys, > > Warren ( i guess some of you knows him ) pointed to me that the repo rpm > file was downloaded from a http server, not a https one, and well he has > a point. So i'm gonna make a cert on https://letsencrypt.org/ and setup > the https vhost for download1.rpmfusion.org. > > I'll let you know when it's ok, so you can change the download link, and > maybe setup a rewrite so all http links become https ones. > > If you have any concern or problem with this, please let me know! > > Pix >
SSL on download1.rpmfusion.org
Guys, Warren ( i guess some of you knows him ) pointed to me that the repo rpm file was downloaded from a http server, not a https one, and well he has a point. So i'm gonna make a cert on https://letsencrypt.org/ and setup the https vhost for download1.rpmfusion.org. I'll let you know when it's ok, so you can change the download link, and maybe setup a rewrite so all http links become https ones. If you have any concern or problem with this, please let me know! Pix
Re: Re: About chromium packaging
Hello, Any progress on the codec handling of Chromium ? Thanks !