Re: HTTPS metadata in Mirrors.masterlist?

2017-04-09 Thread Matus UHLAR - fantomas
On Thu, 06 Apr 2017, Axel Beckert wrote: SSL certificate for ftp*.*.debian.org or similar. On 09.04.17 09:38, Peter Palfrader wrote: That's not how wildcards work. True. To provide more details: a wildcard in a certificate applies to one level in a domain name, thus *.debian.org will apply

Re: HTTPS metadata in Mirrors.masterlist?

2017-04-09 Thread Axel Beckert
Hi, Peter Palfrader wrote: > I don't think ftp.*.debian.org providers should do https with that name. > We regularly point ftp.*.debian.org to other places when mirrors go away > temporarily, and the only service we guarantee the new target has is > http://.../debian/ > > Adding https just

Re: HTTPS metadata in Mirrors.masterlist?

2017-04-09 Thread Peter Palfrader
On Thu, 06 Apr 2017, Axel Beckert wrote: >a wildcard > SSL certificate for ftp*.*.debian.org or similar. That's not how wildcards work. -- Peter Palfrader

Re: HTTPS metadata in Mirrors.masterlist?

2017-04-09 Thread Peter Palfrader
On Fri, 07 Apr 2017, Mattias Wadenstein wrote: > On Thu, 6 Apr 2017, Axel Beckert wrote: > > >* https://ftp.se.debian.org/debian/ (ftp.no.debian.org seems to point > > to the same host, but is not yet accessible via HTTPS due to not > > being listed in the certificate) > > Hm, OK. We'll add

Re: HTTPS metadata in Mirrors.masterlist?

2017-04-08 Thread Wouter Verhelst
On Fri, Apr 07, 2017 at 12:25:04AM +0200, Kurt Roeckx wrote: > On Thu, Apr 06, 2017 at 11:20:36PM +0200, Axel Beckert wrote: > > * https://mirror.as35701.net/debian/ (not yet accessible as > > https://ftp.be.debian.org/debian/ due to certificate only being > > valid for mirror.as35701.net) >

Re: HTTPS metadata in Mirrors.masterlist?

2017-04-07 Thread Mattias Wadenstein
On Thu, 6 Apr 2017, Axel Beckert wrote: * https://ftp.se.debian.org/debian/ (ftp.no.debian.org seems to point to the same host, but is not yet accessible via HTTPS due to not being listed in the certificate) Hm, OK. We'll add ftp.no.d.o to our list of hostnames for LE. We've been a bit

Re: HTTPS metadata in Mirrors.masterlist?

2017-04-06 Thread Kurt Roeckx
On Thu, Apr 06, 2017 at 11:20:36PM +0200, Axel Beckert wrote: > * https://mirror.as35701.net/debian/ (not yet accessible as > https://ftp.be.debian.org/debian/ due to certificate only being > valid for mirror.as35701.net) It's easy enough to also add ftp.be.debian.org to the certificate, but
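The two certificate points raised in this thread, that a wildcard covers exactly one DNS label (so ftp*.*.debian.org is not a valid pattern and *.debian.org would not cover ftp.se.debian.org), and that a mirror's certificate only helps once the ftp.TLD.debian.org alias itself is among its names (the ftp.no.debian.org and ftp.be.debian.org cases above), come down to the same hostname-matching rule. The following is an added example, not code from apt, d-i or any mirror operator; it implements the RFC 6125 style check a client performs against the SAN dNSName entries of a certificate. The SAN lists and mirror.example.net are constructed for the example and do not describe any real mirror's certificate.

```python
"""Hostname matching against certificate SAN dNSName entries.

Added illustration for the wildcard discussion in this thread; it is not
code from Debian, apt or d-i. The SAN lists used below are constructed
and do not describe any real mirror's certificate.
"""
import re

# LDH label: letters, digits, hyphen, no leading/trailing hyphen.
# A single '*' is accepted only as the entire leftmost label.
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def _labels(name):
    """Normalise a name: lower-case, strip a trailing dot, split on dots."""
    name = name.strip().rstrip(".").lower()
    return name.split(".") if name else []


def is_valid_wildcard_pattern(pattern):
    """True if every label is LDH, except that the leftmost label may be
    exactly '*'. 'ftp*.*.debian.org' fails twice: a wildcard must be a
    whole label, and only the leftmost label may be one."""
    labels = _labels(pattern)
    if len(labels) < 2:
        return False
    head, rest = labels[0], labels[1:]
    if head != "*" and not _LABEL.match(head):
        return False
    return all(_LABEL.match(lab) for lab in rest)


def dnsname_matches(pattern, hostname):
    """True if `hostname` is covered by the SAN dNSName `pattern`.
    '*' matches exactly one label: '*.debian.org' covers 'ftp.debian.org'
    but neither 'ftp.se.debian.org' nor 'debian.org'."""
    if not is_valid_wildcard_pattern(pattern):
        return False
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse a wildcard directly under a TLD ('*.org'); browsers use
        # a public-suffix list, this is the minimal version of that rule.
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    return p == h


def covered_names(san_dnsnames, hostnames):
    """Map each hostname to the SAN entry covering it, or None.
    This is the check to run before pointing ftp.TLD.debian.org at a
    host: is that alias, not only the host's own name, in the cert?"""
    return {
        host: next((s for s in san_dnsnames if dnsname_matches(s, host)), None)
        for host in hostnames
    }


if __name__ == "__main__":
    # Constructed SAN list: the mirror's own name plus one ftp.TLD alias;
    # the second alias is deliberately missing, as in the thread.
    san = ["mirror.example.net", "ftp.se.debian.org"]
    result = covered_names(san, ["ftp.se.debian.org", "ftp.no.debian.org"])
    for host, hit in result.items():
        print(f"{host}: {'covered by ' + hit if hit else 'NOT in certificate'}")
    print(is_valid_wildcard_pattern("ftp*.*.debian.org"))   # False
    print(dnsname_matches("*.debian.org", "ftp.se.debian.org"))  # False
```

The practical consequence for the mirror operators in the thread is that each ftp.TLD.debian.org alias has to be listed as its own SAN entry (Let's Encrypt issues such multi-name certificates); no wildcard can express ftp.<any>.debian.org, and a client that validates correctly will refuse a mirror whose certificate names only its canonical host.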

Re: HTTPS metadata in Mirrors.masterlist?

2017-04-06 Thread Axel Beckert
Hi, Axel Beckert wrote: > After having HTTPS-enabled mirrors listed in the Mirrors.masterlist, > the next step would be to make httpredir.debian.org HTTPS-aware. > Currently https://httpredir.debian.org/ shows me the following error > message: > > httpredir.debian.org uses an invalid security

Re: HTTPS metadata in Mirrors.masterlist?

2017-04-06 Thread Axel Beckert
Hi, sorry for digging up that old thread from 2014, but it's exactly what I wanted to bring up, just with today's needs and possibilities: * CVE-2016-1252 in APT showed that HTTPS might still bring additional security. After that issue, the amount of people asking for HTTPS-secured Debian

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-17 Thread Philipp Kern
On 2014-02-11 16:24, Mattias Wadenstein wrote: Ah, finally a half-reasonable case for https. I agree that this is sufficient for software support in apt, d-i, etc. TLS gives you confidentiality and authentication over the integrity protection you get from GPG. You might want to serve some

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-15 Thread Joerg Jaspert
On 13484 March 1977, Colin Watson wrote: Would it be possible, then, to add Archive-https: /debian/ to the Site: mirrors.kernel.org stanza in Mirrors.masterlist, and perhaps start maintaining Archive-https fields for other mirrors willing to participate? That would at least get a minimal
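To show what the Archive-https field proposed above would give a client such as d-i, here is an added example, not Debian's own mirror tooling, that parses Mirrors.masterlist-style stanzas and picks a base URL from them. The masterlist excerpt is constructed; only Site, Archive-http and Archive-https are field names taken from this discussion, the Country field and the hostnames other than mirrors.kernel.org are assumed.

```python
"""Parse Mirrors.masterlist stanzas and choose an archive base URL.

Added example for this thread, not Debian's own mirror tooling. The input
below is constructed; 'Site:', 'Archive-http:' and 'Archive-https:' are
the field names from the discussion, 'Country:' and the example hosts are
assumed for illustration.
"""

SAMPLE_MASTERLIST = """\
Site: mirrors.kernel.org
Country: US United States
Archive-http: /debian/
Archive-https: /debian/

Site: ftp.example.org
Country: XX Example
Archive-http: /debian/

Site: mirror.example.net
Archive-https: /pub/debian/
"""


def parse_masterlist(text):
    """Split blank-line separated 'Key: value' stanzas into dicts.
    A line starting with whitespace continues the previous field
    (deb822 style); a non-blank line without ':' is rejected."""
    stanzas, current, last_key = [], {}, None
    for raw in text.splitlines():
        if not raw.strip():
            if current:
                stanzas.append(current)
            current, last_key = {}, None
            continue
        if raw[0] in " \t" and last_key:
            current[last_key] += " " + raw.strip()
            continue
        key, sep, value = raw.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        last_key = key.strip()
        current[last_key] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def archive_url(stanza, scheme):
    """Return '<scheme>://<site><path>' when the stanza declares an
    archive path for that scheme, else None."""
    field = {"http": "Archive-http", "https": "Archive-https"}[scheme]
    path, site = stanza.get(field), stanza.get("Site")
    if not path or not site:
        return None
    if not path.startswith("/"):
        path = "/" + path
    return f"{scheme}://{site}{path}"


def choose_mirror_url(stanza, require_https):
    """What a client would do with the metadata: use https when the
    mirror declares it; otherwise fall back to http, or refuse the
    mirror entirely when the caller insists on https."""
    https = archive_url(stanza, "https")
    if https:
        return https
    if require_https:
        return None
    return archive_url(stanza, "http")


def https_capable_sites(text):
    """Sites that advertise an Archive-https path."""
    return [s["Site"] for s in parse_masterlist(text) if "Archive-https" in s]


if __name__ == "__main__":
    for st in parse_masterlist(SAMPLE_MASTERLIST):
        print(st["Site"], "->", choose_mirror_url(st, require_https=False))
    print("https-capable:", https_capable_sites(SAMPLE_MASTERLIST))
```

The point of keeping the scheme as a separate field rather than guessing is the one Kurt raises later in the thread: a client must not simply rewrite http:// to https:// for an ftp.TLD alias, because the host behind that alias may change and only the http path is guaranteed; the masterlist entry is what tells the client which hosts actually serve the archive over TLS.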

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-15 Thread Henrique de Moraes Holschuh
On Sat, 15 Feb 2014, Joerg Jaspert wrote: The biggest problem I see is with what Kurt posted: So the first question I have about this is if we can get ftp.TLD.debian.org certificates for this, and what happens when that host is down and DNS gets pointed to a different host? I have to

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-15 Thread Luca Capello
Hi there! (And yes, I know that this is only of any actual use if we do certificate checks. Right now the way I have things hooked up is that you can add certificates to the d-i initramfs, either by rebuilding with SSL_CERTS set in build/config/local or by concatenating another

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-15 Thread Cyril Brulebois
Luca Capello l...@pca.it (2014-02-15): Hi there! (And yes, I know that this is only of any actual use if we do certificate checks. Right now the way I have things hooked up is that you can add certificates to the d-i initramfs, either by rebuilding with SSL_CERTS set in

HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Colin Watson
Hi, I'm working on adding HTTPS support to d-i. Now, I know that we already have integrity by way of the GPG signature chain, but this isn't for that; this is in response to feedback Canonical has had from some Ubuntu customers (typically of the large and corporate variety) that they want to do

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Colin Watson
On Tue, Feb 11, 2014 at 01:04:29PM +, Colin Watson wrote: I'm working on adding HTTPS support to d-i. Now, I know that we already have integrity by way of the GPG signature chain, but this isn't for that; this is in response to feedback Canonical has had from some Ubuntu customers

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Mattias Wadenstein
On Tue, 11 Feb 2014, Colin Watson wrote: On Tue, Feb 11, 2014 at 01:04:29PM +, Colin Watson wrote: I'm working on adding HTTPS support to d-i. Now, I know that we already have integrity by way of the GPG signature chain, but this isn't for that; this is in response to feedback Canonical

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Colin Watson
On Tue, Feb 11, 2014 at 03:05:44PM +0100, Mattias Wadenstein wrote: On Tue, 11 Feb 2014, Colin Watson wrote: On Tue, Feb 11, 2014 at 01:04:29PM +, Colin Watson wrote: I'm working on adding HTTPS support to d-i. Now, I know that we already have integrity by way of the GPG signature chain,

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Donald Norwood
On 02/11/2014 09:31 AM, Colin Watson wrote: On Tue, Feb 11, 2014 at 03:05:44PM +0100, Mattias Wadenstein wrote: On Tue, 11 Feb 2014, Colin Watson wrote: On Tue, Feb 11, 2014 at 01:04:29PM +, Colin Watson wrote: I'm working on adding HTTPS support to d-i. Now, I know that we already have

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Mattias Wadenstein
On Tue, 11 Feb 2014, Colin Watson wrote: On Tue, Feb 11, 2014 at 03:05:44PM +0100, Mattias Wadenstein wrote: On Tue, 11 Feb 2014, Colin Watson wrote: On Tue, Feb 11, 2014 at 01:04:29PM +, Colin Watson wrote: I'm working on adding HTTPS support to d-i. Now, I know that we already have

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Matus UHLAR - fantomas
On Tue, Feb 11, 2014 at 09:39:06AM -0500, Donald Norwood wrote: This topic has come up in mirrors a few times from users and the general consensus was stated rather well by Mattias. As it stands, and to my knowledge, there are a handful of servers set up to support https. The question

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Kurt Roeckx
On Tue, Feb 11, 2014 at 01:45:53PM +, Colin Watson wrote: (And yes, I know that this is only of any actual use if we do certificate checks. Right now the way I have things hooked up is that you can add certificates to the d-i initramfs, either by rebuilding with SSL_CERTS set in

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Colin Watson
On Tue, Feb 11, 2014 at 05:22:26PM +0100, Matus UHLAR - fantomas wrote: On 11.02.14 15:56, Colin Watson wrote: All I have left to say is that the admins in question are my customers, so, the company is not your customer, but its admins are? Oh, whatever. I'm not interested in this kind of

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Colin Watson
On Tue, Feb 11, 2014 at 06:40:22PM +0100, Kurt Roeckx wrote: So the first question I have about this is if we can get ftp.TLD.debian.org certificates for this, and what happens when that host is down and DNS gets pointed to a different host? I have to guess that we should only do that on the

Re: HTTPS metadata in Mirrors.masterlist?

2014-02-11 Thread Gaudenz Steinlin
Colin Watson cjwat...@debian.org writes: On Tue, Feb 11, 2014 at 05:22:26PM +0100, Matus UHLAR - fantomas wrote: On 11.02.14 15:56, Colin Watson wrote: All I have left to say is that the admins in question are my customers, so, the company is not your customer, but its admins are? Oh,