On Tue, 2017-04-11 at 13:28 -0300, Fernando Mumbach wrote: > Thank you Florent for answering in such a well explained form. > > If the subdomain "downloads" is deprecated, how are we supposed to > get the seednodes for the first install?
They are shipped with the various installers we provide; but that doesn't help the package managers... > As of now, the AUR package for freenet is totally broken because you > can't download that file, so I'm assuming it's going to move to S3? Or github. Whatever our release manager decides. > If the plan is moving to S3, why not make a > downloads.freenetproject.org a CNAME pointing to the S3 bucket, so we > can keep the paths and everything would JustWork? (AFAIK, never tested > using CNAMEs with S3) > Making something like that work could have been possible if it was planned... but would have been risky (most "clients" pin the certificate). Changing to a different FQDN and hierarchy makes a lot of sense since all the places that do reference the existing URLs will have to be touched anyway. That vhost does various kinds of redirect-based magic (/latest/ but also the .url and the .registry files) under the scene and that is non straightforward to emulate with S3. I have sent an email months ago saying that downloads.freenetproject.org was going away... no one has objected at the time. > So much confusion around this issue. I understand 100% of the work is > voluntary, but this became a mess in no time, and seems like no one > wants to take responsibility. > > > I'm still not sure about these: > - I should be able to update from freenet itself, but what about new > users? Where do they get the initial files? Currently from github. The project's officially supported installer do ship with a seednode file (don't ask me how it's updated; it's probably not :p) > - The update script for the new version should be working, but how am > I supposed to update using the script if the URLs change? I don't think it is. Fred can update the script in place on existing/working installs (again, that doesn't help packagers I guess). > - Has anyone started a petition for AWS non profits? I remember > reading that some open source projects get free credits on Amazon > AWS¹. These credits could help pay the hosting services. > > ¹: https://aws.amazon.com/government-education/nonprofits/?nc1=h_ls > That's on my TODO (after finishing the migration). Florent > On 11-04-2017 05:38, Florent Daigniere wrote: > > On Sun, 2017-04-09 at 19:57 -0300, Fernando Mumbach wrote: > > > Hello, > > > > > > > Hi Fernando, > > > > Since no one is replying to you, I will attempt to... > > > > > > > downloads.freenetproject.org is still using the old cert, > > > > It is a feature, not a bug :) > > > > The plan was to drop that FQDN... and then at the last minute, Arne > > has > > decided to release a build (1478) that has changed the plan. > > > > I have made it clear that it wouldn't work... but been ignored. > > > > > > > and the archlinux package fails to update because the cert is > > > invalid. Did you maybe forgot to also update the subdomain? > > > > The plan has always been to drop that vhost altogether. I haven't > > dropped it because of the last minute change to the plan, that's > > all. > > > > Its organization doesn't make sense (keeping alpha in the path, ...) > > and > > is unsuitable for everyone (packagers, build tools that expect > > metadata, > > ...), not to mention that it costs the project money to keep the VPS > > it > > sits on up. That's why I am keen on getting rid of it once and for > > all. > > > > The initial plan was to setup a new vhost (mvn.freenetproject.org) > > that > > would be AWS/S3 baked and would provide a maven-like repository > > structure we would push our builds to (and that packagers, > > installers, > > build tools, ... ) could use. > > > > Just like you, I have zero visibility on what is supposed to be > > happening... or what the current plan is; rest assured that it's not > > just the various packages that are broken (1478 doesn't magically > > bypass > > the certificate expiry check and has obviously not received any > > testing > > before being released). > > > > I have stopped to work on next since that isn't where the builds are > > being released from anymore... > > > > > > > The subdomain "wiki" works okay for me (it redirects correctly > > > to > > > github). I do not know of others subdomains, but we should test > > > all > > > the domains. > > > > > > > All the domains for which a plan did exist have been migrated > > (website, > > bugs, wiki). Those that haven't will see their DNS entry removed > > soon > > (doc-fr, testing, old-wiki, archives, downloads, emu). > > > > Florent > > > > > On 05-04-2017 20:35, Arne Babenhauserheide wrote: > > > > Hi, > > > > > > > > The certificate expired and we use HTTP Strict Transport > > > > Security > > > > (HSTS). That means: Our old site is down until the DNS can be > > > > switched > > > > over to the AWS site. > > > > > > > > Let’s treat this as a test of what would happen if an attacker > > > > were > > > > to > > > > take down our clearnet infrastructure. > > > > > > > > Best wishes, > > > > Arne > > > > -- > > > > Unpolitisch sein > > > > heißt politisch sein > > > > ohne es zu merken
signature.asc
Description: This is a digitally signed message part