On Thu, Oct 13, 2022 at 03:57:41PM +0200, Kevin Kofler via devel wrote: > > Also, a ton of Fedora mirrors still don't use HTTPS for various reasons. > I would say that those mirrors ought to be kicked out of the mirror list > immediately.
There are also a lot of rsync mirrors. I don't think any of them are using rsync-ssl. I think "kicked out" is a bit harsh -- but we should definitely suggest it. And I think we should also do the metadata signing as soon as practical... defense in depth and all that. -- Matthew Miller <mat...@fedoraproject.org> Fedora Project Leader _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
