Hi,
On Tue Dec 20, 2016 at 10:45:23 +0100, Hans-Christoph Steiner wrote:
> Also, it would be really awesome if there was:
>
> https://httpsredir.debian.org/debian
>
> Which automatically redirected to mirrors that support HTTPS. I filed
> an issue here:
>
Marc Haber wrote...
> On Wed, Dec 21, 2016 at 09:31:23AM +0100, Joerg Jaspert wrote:
> > Now, if you want to manually download a .deb and dpkg -i it - then you
> > have to manually do the same steps apt & co do: Get the corresponding
> > packages and (In)Release files, verify its signature
On 14527 March 1977, Christoph Biedl wrote:
> Well, this creates trust for the path until (but excluding) that
> particular mirror only. Can I trust the mirror? And even if, there's no
> guarantee the mirror got the data through a trusted path.
And why the heck would you ever trust any mirror? If
Casper Thomsen wrote...
> On Sun, Dec 18, 2016 at 12:35 PM, datanoise wrote:
> > There could be https mirrors as well as non-https mirrors.
>
> There is https://cloudfront.debian.net which you could decide to trust.
>
> It doesn't *need* to be a "Debian SSL cert";
On 20.12.2016 10:45, Hans-Christoph Steiner wrote:
> Also, it would be really awesome if there was:
>
> https://httpsredir.debian.org/debian
>
> Which automatically redirected to mirrors that support HTTPS. I filed
> an issue here:
> https://github.com/rgeissert/http-redirector/issues/78
Hans-Christoph Steiner:
>
>
> Peter Lawler:
>>
>>
>> On 18/12/16 22:03, Christoph Moench-Tegeder wrote:
>>> second point requires a lot of work
>>> to resolve.
>>>
>>> Regards,
>>> Christoph
>>>
>>
>> Monday morning yet-to-be-caffeinated thoughts...
>>
>> I'm going to ignore the
Peter Lawler:
>
>
> On 18/12/16 22:03, Christoph Moench-Tegeder wrote:
>> second point requires a lot of work
>> to resolve.
>>
>> Regards,
>> Christoph
>>
>
> Monday morning yet-to-be-caffeinated thoughts...
>
> I'm going to ignore the 'inconvenience' because I think in this case
> that's a
On Sun, Dec 18, 2016 at 12:35 PM, datanoise wrote:
> There could be https mirrors as well as non-https mirrors.
There is https://cloudfront.debian.net which you could decide to trust.
It doesn't *need* to be a "Debian SSL cert"; since you trust the
mirror anyway is
On 18/12/16 22:03, Christoph Moench-Tegeder wrote:
> second point requires a lot of work
> to resolve.
>
> Regards,
> Christoph
Monday morning yet-to-be-caffeinated thoughts...
I'm going to ignore the 'inconvenience' because I think in this case
that's a specious argument.
I acknowledge there's
Christoph Moench-Tegeder:
## gwmfm...@unseen.is (gwmfm...@unseen.is):
> What with Let's Encrypt now active, there is no excuse to not move
> everything to HTTPS for updating.
1. Bandwidth. It's fairly easy to proxy/cache HTTP, but HTTPS prevents
that (unless you break HTTPS). This not only
## gwmfm...@unseen.is (gwmfm...@unseen.is):
> What with Let's Encrypt now active, there is no excuse to not move
> everything to HTTPS for updating.
1. Bandwidth. It's fairly easy to proxy/cache HTTP, but HTTPS prevents
that (unless you break HTTPS). This not only affects the server
side