On 2015-06-08 00:25:47 +0200 (+0200), Alan Pevec wrote: > BTW there's an issue re. verification that > https://tarballs.openstack.org/ is using cert for > security.openstack.org but should be easily fixed by infra.
Uh, nope. Try again. You're redirected to security.openstack.org if you accept that cert. It's true that tarballs.openstack.org is a vhost on the same system, but it's not intended as a secure source of release artifacts at the moment and so is only served via HTTP. We may at some point add HTTPS, but more likely we'll add detached signatures along with the tarballs/wheels we upload there through some sort of automation rather than relying on HTTPS alone. -- Jeremy Stanley
signature.asc
Description: Digital signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev