Have your admin add the url(s) to a greylist, and inform him/her this is how most repos work in the world, to minimize the ssl(tls) packet overhead in bandwidth for page load to downloads/uploads. Unless they are super junior and don't understand why ssl(tls) is used for, this shouldn't be an issue. Https doesn't stop viruses or malicious code execution, it's meant to encrypt communication of sensitive data, personal information, logins credentials.Best of luck with your admin, and hope I gave enough information on the differences of http and https for you to bring to your network admin.Also like to point out that http is still allowed in CMMC and DFARs as well as NIST 800s when no login or sensitive data is being processed. That is like saying the sites need an ECA certificate. Alternatively you can build a private repository for internal use and validate new packages in a devsecops sandbox as they are release. SeanSent by Android Ai hijacked INS communications 6G -------- Original message --------From: "Devine, Harry (FAA)" <harry.dev...@faa.gov.INVALID> Date: 5/10/22 5:21 AM (GMT-08:00) To: user@guacamole.apache.org Subject: RE: Installing ffmeg-devel and tomcat
There is a need when our network admins block http going out and only allow https. Harry From: Sean Hulbert <shulb...@securitycentric.net.INVALID> Sent: Monday, May 9, 2022 5:05 PM To: user@guacamole.apache.org Subject: RE: Installing ffmeg-devel and tomcat No need to HTTPS and put extra overhead on a site and doesn’t require login creds. Thank You Sean Hulbert Founder / CEO Work Ph: 925.292.4309 www.securitycentric.net A Cybersecurity Enablement Company We don't just run you through the motions, Our labs teach you how to think! System Award Management CAGE: 8AUV4 AFCEA San Francisco Chapter V.P. If you have heard of a hacker by name, he/she has failed, fear the hacker you haven’t heard of! CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication. Content within this email communication is not legally binding as a contract and no promises are guaranteed unless in a formal contract outside this email communication. igitur qui desiderat pacem, praeparet bellum!!! Epitoma Rei Militaris From: Devine, Harry (FAA) [mailto:harry.dev...@faa.gov.INVALID] Sent: Monday, May 9, 2022 11:37 AM To: user@guacamole.apache.org Cc: harry.dev...@faa.gov.invalid Subject: RE: Installing ffmeg-devel and tomcat I am, and there are 4, and all 4 are http, not https. In fact, all of the mirrors (including other countries) are http only. Strange that in 2022 these mirrors aren’t https. Thanks, Harry From: Nick Couchman <vn...@apache.org> Sent: Monday, May 9, 2022 2:35 PM To: user@guacamole.apache.org Cc: harry.dev...@faa.gov.invalid Subject: Re: Installing ffmeg-devel and tomcat On Mon, May 9, 2022 at 2:32 PM Devine, Harry (FAA) <harry.dev...@faa.gov.invalid> wrote: Are there any that are https? We aren’t allowed to contact http-only sites either. I don't know - you'll have to look at the mirror pages and see. -Nick