Re: HTTPS enabled Debian Security repository
On Thu, 2017-11-09 at 11:30 +0100, Marek Sebera wrote: > Is this up-to-date repository or manually synced mirror? Neither, it is a pair of CDNs, hosted by Fastly and Amazon, although only the Amazon CDN supports https. > Also note I had to set ... as trused in system certificates Normally it already would be. -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Re: HTTPS enabled Debian Security repository
Thank you, this seems to work. Is this up-to-date repository or manually synced mirror? Also note I had to set (C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Services Root Certificate Authority - G2) as trused in system certificates Marek On 11/09/2017 11:19 AM, Paul Wise wrote: > On Thu, Nov 9, 2017 at 5:57 PM, Marek Sebera wrote: > >> Thank you for support, so is the https enabled repository coming up? > > One of the CDNs backing deb.d.o supports https, see the last para here: > > http://deb.debian.org/ > signature.asc Description: OpenPGP digital signature
Re: HTTPS enabled Debian Security repository
On Thu, Nov 9, 2017 at 5:57 PM, Marek Sebera wrote: > Thank you for support, so is the https enabled repository coming up? One of the CDNs backing deb.d.o supports https, see the last para here: http://deb.debian.org/ -- bye, pabs https://wiki.debian.org/PaulWise
Re: HTTPS enabled Debian Security repository
Thank you for support, so is the https enabled repository coming up? Marek On 10/26/2017 08:19 PM, Christoph Biedl wrote: > ๆๅไป wrote... > >> I believe that there's no benefit on accessing Debian archive with HTTPS as >> they uses GnuPG for authentication > > GnuPG indeed serves the purposes of authenticity and integrity very > well. Modulo bugs every now and then, but they happen on other layers as > well. > > Also, nobody should rely on the privacy in this case since the server > content is public and the clients have a fairly simple access pattern. > Decoding the transfers from this isn't trival but seems doable with some > effort - one day I'll write a prove of concept for this. > > There is however a reason for https, a sad one though: Braindead > "security" applicances that do deep packet inspection and might reject > the download of packages. > > Christoph > signature.asc Description: OpenPGP digital signature
