Re: HTTPS for mirrors

2022-05-01 Thread Giovanni Bechis
ther is https?  Then we can ask mirrors to start >> moving to https with a goal perhaps of next May? >> >> Regards, >> >> KAM >> >> On 4/29/2022 12:27 AM, Dave Warren wrote: >>> On 2022-04-28 07:30, Bill Cole wrote: >>>> I see no reason to

Re: HTTPS for mirrors

2022-04-30 Thread Kevin A. McGrail
rren wrote: On 2022-04-28 07:30, Bill Cole wrote: I see no reason to make HTTPS mandatory for mirrors at this point. It does mean an extra layer that can break and the impersonation attacks that it enables would be extremely complicated to mount, so may be entirely theoretical. I would rather keep u

Re: HTTPS for mirrors

2022-04-30 Thread Henrik K
her is https?  Then we can ask mirrors to start > moving to https with a goal perhaps of next May? > > Regards, > > KAM > > On 4/29/2022 12:27 AM, Dave Warren wrote: > > On 2022-04-28 07:30, Bill Cole wrote: > > > I see no reason to make HTTPS mandatory fo

Re: HTTPS for mirrors

2022-04-30 Thread Kevin A. McGrail
wrote: On 2022-04-28 07:30, Bill Cole wrote: I see no reason to make HTTPS mandatory for mirrors at this point. It does mean an extra layer that can break and the impersonation attacks that it enables would be extremely complicated to mount, so may be entirely theoretical. I would rather keep

Re: HTTPS for mirrors

2022-04-28 Thread Dave Warren
On 2022-04-28 07:30, Bill Cole wrote: I see no reason to make HTTPS mandatory for mirrors at this point. It does mean an extra layer that can break and the impersonation attacks that it enables would be extremely complicated to mount, so may be entirely theoretical. I would rather keep

Re: HTTPS for mirrors

2022-04-28 Thread Henrik K
On Wed, Apr 27, 2022 at 05:34:57PM +0300, Henrik K wrote: > > Btw I just updated DNS to https too: > mirrors.updates.spamassassin.org. > "https://spamassassin.apache.org/updates/MIRRORED.BY" Actually it's now: mirrors.updates.spamassassin.org.

Re: HTTPS for mirrors

2022-04-28 Thread Henrik K
On Thu, Apr 28, 2022 at 09:30:21AM -0400, Bill Cole wrote: > > and the impersonation attacks that it enables would be extremely > complicated to mount, so may be entirely theoretical. Of course it is. It's probably a thousand times more likely that a mirror itself is hacked and its files

Re: HTTPS for mirrors

2022-04-28 Thread Bill Cole
On 2022-04-28 at 06:40:58 UTC-0400 (Thu, 28 Apr 2022 12:40:58 +0200 (CEST)) Fossies Administrator is rumored to have said: On Wed, 27 Apr 2022, Henrik K wrote: There's really no reason these days for not using https. Only three mirrors work with it right now: sa-update.razx.cloud sa

Re: HTTPS for mirrors

2022-04-28 Thread Bill Cole
On 2022-04-28 at 07:36:45 UTC-0400 (Thu, 28 Apr 2022 14:36:45 +0300) Henrik K is rumored to have said: On Thu, Apr 28, 2022 at 07:26:41AM -0400, Kevin A. McGrail wrote: We discussed this a year or two ago. The data on there is not sensitive and is cryptographically verified by spamassassin

Re: HTTPS for mirrors

2022-04-28 Thread Henrik K
On Thu, Apr 28, 2022 at 07:41:56AM -0400, Kevin A. McGrail wrote: > By default, the data is cryptographically verified. An admin has to > specifically turn off that feature. > > There's little benefit of using HTTPS in this specific setting and it's > just an extra requirement on our volunteer

Re: HTTPS for mirrors

2022-04-28 Thread Kevin A. McGrail
By default, the data is cryptographically verified. An admin has to specifically turn off that feature. There's little benefit of using HTTPS in this specific setting and it's just an extra requirement on our volunteer mirrors. It will add time, CPU load, and even a small amount of bandwidth

Re: HTTPS for mirrors

2022-04-28 Thread Henrik K
On Thu, Apr 28, 2022 at 07:26:41AM -0400, Kevin A. McGrail wrote: > We discussed this a year or two ago. The data on there is not sensitive and > is cryptographically verified by spamassassin before being used. Can you > name a single reason the data needs to be encrypted in transit? KAM It's

Re: HTTPS for mirrors

2022-04-28 Thread Kevin A. McGrail
:40:58PM +0200, Fossies Administrator wrote: > > On Wed, 27 Apr 2022, Henrik K wrote: > > > > > > > > There's really no reason these days for not using https. > > > > > > Only three mirrors work with it right now: > > > > > > sa-u

Re: HTTPS for mirrors

2022-04-28 Thread Henrik K
On Thu, Apr 28, 2022 at 12:40:58PM +0200, Fossies Administrator wrote: > On Wed, 27 Apr 2022, Henrik K wrote: > > > > > There's really no reason these days for not using https. > > > > Only three mirrors work with it right now: > > > > sa-updat

Re: HTTPS for mirrors

2022-04-28 Thread Fossies Administrator
On Wed, 27 Apr 2022, Henrik K wrote: There's really no reason these days for not using https. Only three mirrors work with it right now: sa-update.razx.cloud sa-update.pccc.com sa-update.mailfud.org Could maybe others prepare for it? sa-update seems to happily use https:// mirrors starting

HTTPS for mirrors

2022-04-27 Thread Henrik K
There's really no reason these days for not using https. Only three mirrors work with it right now: sa-update.razx.cloud sa-update.pccc.com sa-update.mailfud.org Could maybe others prepare for it? sa-update seems to happily use https:// mirrors starting from 3.4.0, so there shouldn't be any