On apturls and repositories
Sounds like the discussion at UDS about having support for adding repositories (or at least PPAs) via apturl didn't get very far. At risk of prolonging a stalemate, I get the impression blocking this idea for safety reasons is completely pointless. Someone can 'easily' add a repository to a user's system (be it maliciously or not) through the following means: * A .deb package that adds a repository to sources.list.d * A .list file (in the format of sources.list, for example) which is then automatically handled by Software Sources administration (software-properties-gtk). There is therefore no security gain in apturls not doing repositories. All it takes is a simple file that the user downloads and opens to get the same thing happening. ...is this maybe going a bit off base? There are already two methods for adding repositories and apturl doesn't strike me as the right design for listing public keys to import. (At least not without generating a horrifying abomination of a URI). And if it doesn't import public keys with some reasonable automation, it will not work for PPAs. Now, discuss :) -- Dylan McCall signature.asc Description: This is a digitally signed message part -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
I quite agree that adding adding PPA should be easy. In my opinion is should envolve clicks and it should not envolve deb packages. Currently for my PPA which has quite a few users I did create deb package which installs list file and keys. Here is what I want as a PPA publisher: 1) One click links to list file per distro (Click on it, open it up without saving, enter sudo password and that ppa is added) 2) One click on the PGP key link (Click on it, choose to import into APT-key instead of your default keyring, enter sudo password, key added) 3) AptUrl should be highlighted on the PPA whiteboard (Such that I can click on it to refresh repositories and install this or that hot package that attracted me to this ppa in the first place). Number 1 is possible but you need to host the *list file somewhere, I want lauchpad to generate those in addition to the sources lines they already display. Number 2 again should be generated on the launchpad and then I think there needs to be improvement on the download side (Seahorse?) to add those keys to apt-key instead of default keyring. Number 3 launchpad should make apturl's clickable on the ppa whiteboard like on the wiki. So nothing needs to be changed in the APT-url design. Adding keys should be just as clickable as list files. Both key's and lists' files should be generated by launchpad. And since APT-url's are URL they SHOULD BE CLICKABLE! Finally got this bit off my chest. What do you think? -- With best regards Dmitrijs Ledkovs (for short Dima), Ледков Дмитрий Юрьевич -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
On Mon, 2009-06-01 at 09:48 -0700, Dylan McCall wrote: > Sounds like the discussion at UDS about having support for adding > repositories (or at least PPAs) via apturl didn't get very far. At risk > of prolonging a stalemate, I get the impression blocking this idea for > safety reasons is completely pointless. The session was polite and we talked about everyone's views. Some of these choices are down to political background more than technical options. Although Alexander Sack didn't help by suggesting that the decision had already been made at All Hands. As I said I would, I've compiled some mock-ups of what I was talking about with various people: http://doctormo.wordpress.com/2009/06/01/ubuntu-apt-url-and-the-white-list/ I'm going to add the same to the whiteboard for the blueprint now. Regards, Martin -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
On Tue, 2009-06-02 at 00:53 +0200, Martin Owens wrote: > On Mon, 2009-06-01 at 09:48 -0700, Dylan McCall wrote: > > Sounds like the discussion at UDS about having support for adding > > repositories (or at least PPAs) via apturl didn't get very far. At risk > > of prolonging a stalemate, I get the impression blocking this idea for > > safety reasons is completely pointless. > > The session was polite and we talked about everyone's views. Some of > these choices are down to political background more than technical > options. Although Alexander Sack didn't help by suggesting that the > decision had already been made at All Hands. > > As I said I would, I've compiled some mock-ups of what I was talking > about with various people: > > http://doctormo.wordpress.com/2009/06/01/ubuntu-apt-url-and-the-white-list/ > > I'm going to add the same to the whiteboard for the blueprint now. Thanks for the information! That is a COOL mockup. Really leverages the power of GPG, too :) Isn't Microsoft's software signing model an example of the centralized trust concept that a whitelist in Ubuntu would imply? Doesn't work very well. Users just click through it and don't care when the message isn't there. It doesn't encourage enough thought to interest them; it just says "we, Microsoft, think you should not install this because we said so," or it doesn't say anything. (Between the lines: "We don't like this program because its developers didn't fork over piles of cash, so, uhh, there!"). Your design fits the free software ecosystem in a better way because it demystifies the existence of people (instead of just behemoth corporations), and I bet even /real/ usability testing would find it a more natural, human approach. Less forbidding, less corporate, and it pushes the technical details of the operating system into the background where it belongs. It doesn't matter whether Jesus trusts the repository's owner or Canonical; it's up to the user and presented the same way, and it's his choice whether he trusts Canonical's judgement. (Carrying the previous example, I for one happily use Windows to play games but don't trust Microsoft's judgement for what software is good, even if they did make the OS). Preaching to the choir, of course, but it's easier that way :) signature.asc Description: This is a digitally signed message part -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
On Tue, Jun 02, 2009 at 12:53:24AM +0200, Martin Owens wrote: > On Mon, 2009-06-01 at 09:48 -0700, Dylan McCall wrote: > > Sounds like the discussion at UDS about having support for adding > > repositories (or at least PPAs) via apturl didn't get very far. At risk > > of prolonging a stalemate, I get the impression blocking this idea for > > safety reasons is completely pointless. > > The session was polite and we talked about everyone's views. Some of > these choices are down to political background more than technical > options. Although Alexander Sack didn't help by suggesting that the > decision had already been made at All Hands. FWIW, I didn't say that the decision was already made during allhands - otherwise there wouldn't have been such a healthy discussion :). Only thing I said was that there was lots of out-of-session discussion up-front which probably led to a quick start of the whole discussion in the first apturl session. In fact there was a second apturl session during UDS (which you didnt attend unfortunately); in that session we basically reached consent on what i already suggested in the first session: to go for the currently suggested explicit apturl third party process while making it easier to enable PPAs in karmic (like: automatic key exchange and general improvements in software sources/app-center). > > As I said I would, I've compiled some mock-ups of what I was talking > about with various people: > > http://doctormo.wordpress.com/2009/06/01/ubuntu-apt-url-and-the-white-list/ > > I'm going to add the same to the whiteboard for the blueprint now. > >From what I see at a first glance your mockups look useful and should be considered when designing the improved PPA user experience in app-center/software-sources. However, imo they don't prevent users from getting tricked into single click installs. Also you use gpg to express trust in software quality, while gpg is designed for expressing trust in identities; this was also pointed out in your blog post comment [1] and should definitly be addressed somehow - most likely by not using gpg, but some launchpad mechanism to express trust in quality in PPAs. [1] - http://doctormo.wordpress.com/2009/06/01/ubuntu-apt-url-and-the-white-list/#comment-1277 Thanks, - Alexander -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
On Mon, Jun 01, 2009 at 09:48:26AM -0700, Dylan McCall wrote: > Someone can 'easily' add a repository to a user's system (be it > maliciously or not) through the following means: > * A .deb package that adds a repository to sources.list.d > * A .list file (in the format of sources.list, for example) which > is then automatically handled by Software Sources administration > (software-properties-gtk). > > There is therefore no security gain in apturls not doing repositories. > All it takes is a simple file that the user downloads and opens to get > the same thing happening. The difference is that by design you can trigger apturls from websites using javascript, which makes it hard for us to ensure that the user is not tricked into believing that the apturl dialog is something the user cannot trust. Also on websites you can easily trick users in doing weird things (like a click game), which makes it harder to prevent malicious attacks. Also, the abilitity to trigger .deb installs from the web by a single click is considered a bug and we look into making ffox and other webbrowsers not allow that (instead similar to windows .exe downloads only allow them to be saved and not opened directly from the web). > > ...is this maybe going a bit off base? There are already two methods for > adding repositories and apturl doesn't strike me as the right design for > listing public keys to import. (At least not without generating a > horrifying abomination of a URI). And if it doesn't import public keys > with some reasonable automation, it will not work for PPAs. I agree. Instead of talking about allowing PPAs to be enabled through apturl, we should improve the way PPAs can be enabled in software-sources and app-center which was also one of the results of the UDS discussions we had. - Alexander -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Alexander Sack wrote: > Also, the abilitity to trigger .deb installs from the web by a single > click is considered a bug and we look into making ffox and other > webbrowsers not allow that (instead similar to windows .exe downloads > only allow them to be saved and not opened directly from the web). Ugh! Sure it's dangerous - even so, I think it's a hugely regressive step to say I _shouldn't_ be able to do that. Feel free to default it that way, and make me do something to demonstrate that I understand the potential hazards, but Linux is not about holding people's hands so tight that they can't shoot themselves in the foot. (and, fwiw, Windows doesn't stop me executing .exes from the web - Windows _Policy_ administration can) -- derek -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Dmitrijs Ledkovs wrote: > I quite agree that adding adding PPA should be easy. > > In my opinion is should envolve clicks and it should not envolve deb > packages. Currently for my PPA which has quite a few users I did > create deb package which installs list file and keys. > > Here is what I want as a PPA publisher: > > 1) One click links to list file per distro (Click on it, open it up > without saving, enter sudo password and that ppa is added) > > 2) One click on the PGP key link (Click on it, choose to import into > APT-key instead of your default keyring, enter sudo password, key > added) I would add - keyserver.ubuntu.com should handle HTTP lookups! I finally realized why I have so much trouble updating apt from work: because the firewall blocks hkp. > > 3) AptUrl should be highlighted on the PPA whiteboard (Such that I can > click on it to refresh repositories and install this or that hot > package that attracted me to this ppa in the first place). ... > Finally got this bit off my chest. What do you think? Yes. -- derek -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
On Tue, Jun 02, 2009 at 10:40:47AM -0300, Derek Broughton wrote: > Alexander Sack wrote: > > > Also, the abilitity to trigger .deb installs from the web by a single > > click is considered a bug and we look into making ffox and other > > webbrowsers not allow that (instead similar to windows .exe downloads > > only allow them to be saved and not opened directly from the web). > > Ugh! Sure it's dangerous - even so, I think it's a hugely regressive step > to say I _shouldn't_ be able to do that. Feel free to default it that way, > and make me do something to demonstrate that I understand the potential > hazards, but Linux is not about holding people's hands so tight that they > can't shoot themselves in the foot. I don't see a big user experience regression if debs get first downloaded to desktop before you can install them. Installing debs isn't something you do on a daily base. In turn you get improved security by not providing a click through way of installing them from the web. - Alexander -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Alexander Sack wrote: > On Tue, Jun 02, 2009 at 10:40:47AM -0300, Derek Broughton wrote: >> Alexander Sack wrote: >> >> > Also, the abilitity to trigger .deb installs from the web by a single >> > click is considered a bug and we look into making ffox and other >> > webbrowsers not allow that (instead similar to windows .exe downloads >> > only allow them to be saved and not opened directly from the web). >> >> Ugh! Sure it's dangerous - even so, I think it's a hugely regressive >> step >> to say I _shouldn't_ be able to do that. Feel free to default it that >> way, and make me do something to demonstrate that I understand the >> potential hazards, but Linux is not about holding people's hands so tight >> that they can't shoot themselves in the foot. > > I don't see a big user experience regression if debs get first > downloaded to desktop before you can install them. It's not the idea of having the debs downloaded first that's regressive, it's the whole idea that power users should be prevented from doing what they want by developers who know better that's pure evil, and should be stamped out at the first hint. I don't care if you want to make it _hard_ (heck, make the geeks edit an rc file by hand if you want), but it should _always_ be possible. > Installing debs isn't something you do on a daily base. Actually, it is... > In turn you get improved > security by not providing a click through way of installing them from > the web. I beg to differ. A user who is going to install software of dubious origins will install it whether it's "click-through" or not. You're merely annoying people who want to install known, reliable, software (virtualbox comes to mind - every time they issue a new release, I get a download link when I start it [and yes, I know I can actually add the URL to my sources.list - it's just an example]). -- derek -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Il giorno mar, 02/06/2009 alle 12.03 +0200, Alexander Sack ha scritto: > > > I agree. Instead of talking about allowing PPAs to be enabled through > apturl, we should improve the way PPAs can be enabled in > software-sources and app-center which was also one of the results of > the UDS discussions we had. > Excuse me but isn't this pushing the PPAs over external sources? If so, considering that canonical or ubuntu surely does not guarantee for the PPA, this is going both to create a false sense of security and discourage the use of external repositories. Of course they can all migrate to launchpad but I don't know if it's a good idea. Vincenzo -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Il giorno mar, 02/06/2009 alle 11.37 -0300, Derek Broughton ha scritto: > > I beg to differ. A user who is going to install software of dubious > origins > will install it whether it's "click-through" or not. You're merely > annoying > people who want to install known, reliable, software (virtualbox comes > to > mind - every time they issue a new release, I get a download link when > I > start it [and yes, I know I can actually add the URL to my > sources.list - > it's just an example]). I think that making the process two-steps only affects usability: I can do the same things, with the same authorizations, but I need to minimise the firefox window, go to the desktop, find the downloaded file and open it. In any case, the apturl window *is* dangerous and users must know. It does not matter how I do it, via javascript or providing a link, if you click on a deb you get prompted for your root password. You're actually providing a bridge for extraneous persons into your system. Nothing will prevent that by making the process a bit harder. A better idea would perhaps be to allow installing packages from apturls or debs *only* if the key is already present in the system, that is, you don't even add the source permanently if not. Then, a smart user-friendly way to get the keys is clearly the way to go. Vincenzo -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
On Tuesday 02 June 2009 2:35:36 pm Vincenzo Ciancia wrote: > Il giorno mar, 02/06/2009 alle 12.03 +0200, Alexander Sack ha scritto: > > > > > > I agree. Instead of talking about allowing PPAs to be enabled through > > apturl, we should improve the way PPAs can be enabled in > > software-sources and app-center which was also one of the results of > > the UDS discussions we had. > > > > Excuse me but isn't this pushing the PPAs over external sources? If so, > considering that canonical or ubuntu surely does not guarantee for the > PPA, this is going both to create a false sense of security and > discourage the use of external repositories. Of course they can all > migrate to launchpad but I don't know if it's a good idea. I would consider a PPA just as much of an external/third-party as any debuntu or getdeb repository. -- Mackenzie Morgan http://ubuntulinuxtipstricks.blogspot.com apt-get moo signature.asc Description: This is a digitally signed message part. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Vincenzo Ciancia wrote: > A better idea would perhaps be to allow installing packages from apturls > or debs *only* if the key is already present in the system, that is, you > don't even add the source permanently if not. That works for me - I don't mind increasing security, I just hate having people tell me that taking 1 extra step will do it for me. > Then, a smart user-friendly way to get the keys is clearly the way to > go. Yes. -- derek -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
On Tue, 2009-06-02 at 11:51 +0200, Alexander Sack wrote: > In fact there was a second apturl session during UDS (which you didnt > attend unfortunately); Yea sorry about that, too many sessions going on, although I did talk with people directly after the session and I was happy enough with the decisions being made. > in that session we basically reached consent on > what i already suggested in the first session: to go for the currently > suggested explicit apturl third party process while making it easier > to enable PPAs in karmic (like: automatic key exchange and general > improvements in software sources/app-center). It'll still ask to add an apt-source though right? password box? wouldn't want mistaken clicks to add xorg-bleeding-edge. > >From what I see at a first glance your mockups look useful and should > be considered when designing the improved PPA user experience in > app-center/software-sources. However, imo they don't prevent users from > getting tricked into single click installs. Also you use gpg to > express trust in software quality, while gpg is designed for expressing > trust in identities; this was also pointed out in your blog post > comment [1] and should definitly be addressed somehow - most likely by > not using gpg, but some launchpad mechanism to express trust in > quality in PPAs. It's a tricky problem, qualitative assessment of launchpad PPAs would need a launchpad mechanism of 'confidence' (as opposed to identity trust) which would give that system a much better foundation. On the other hand it'd be nice if the technology were open to none launchpad sources too. And although GPG only brings identity trust, it does allow you to bridge from knowing who someone is into knowing what they think of the subject for consideration. I wouldn't dismiss using gpg for identity management which is still important for distributed systems where you have to quantify things against a person (even if that value if technical confidence). Regards, Martin -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
"Assessment of PPAs" sounds to me like peer review. That would be a big job to implement, but IMHO benefits would go far beyond a web of trust. Of course, I'm not volunteering to do it :) - Andrew -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Op dinsdag 02-06-2009 om 10:32 uur [tijdzone -0300], schreef Derek Broughton: > I would add - keyserver.ubuntu.com should handle HTTP lookups! I > finally realized why I have so much trouble updating apt from work: > because the firewall blocks hkp. HKP is HTTP, so your problem is probably that you need some proxy settings somewhere... -- Jan Claeys -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Jan Claeys wrote: > Op dinsdag 02-06-2009 om 10:32 uur [tijdzone -0300], schreef Derek > Broughton: >> I would add - keyserver.ubuntu.com should handle HTTP lookups! I >> finally realized why I have so much trouble updating apt from work: >> because the firewall blocks hkp. > > HKP is HTTP, so your problem is probably that you need some proxy > settings somewhere... No, it isn't. HTTP is by definition over port 80 - or perhaps 8080: $ grep http /etc/services ... www 80/tcp http# WorldWideWeb HTTP ... http-alt8080/tcpwebcache# WWW caching service http-alt8080/udp# WWW caching service but hkp: $ grep hkp /etc/services hkp 11371/tcp # OpenPGP HTTP Keyserver Keyservers _can_ handle http, but keyserver.ubuntu.com doesn't. Of course I need proxies - but if keyserver.ubuntu.com was properly configured, I wouldn't. -- derek -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
> No, it isn't. HTTP is by definition over port 80 - or perhaps 8080: Is it? I didn't think is was the port that defined the protocol but the nature of the messages sent over the connection. The port is a default but not a requirement, like ssh or ftp. Martin, -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
On Sun, Jun 7, 2009 at 5:55 AM, Martin Owens wrote: > >> No, it isn't. HTTP is by definition over port 80 - or perhaps 8080: > > Is it? I didn't think is was the port that defined the protocol but the > nature of the messages sent over the connection. The port is a default > but not a requirement, like ssh or ftp. For the record: http://keyserver.ubuntu.com:11371/ works in the browser. Remco -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Il giorno sab, 06/06/2009 alle 23.55 -0400, Martin Owens ha scritto: > > Is it? I didn't think is was the port that defined the protocol but > the > nature of the messages sent over the connection. The port is a default > but not a requirement, like ssh or ftp. > I think the point here is that the keyserver should handle requests on port 80, even though the OP incorrectly called them "HTTP requests". V. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Vincenzo Ciancia wrote: > Il giorno sab, 06/06/2009 alle 23.55 -0400, Martin Owens ha scritto: >> >> Is it? I didn't think is was the port that defined the protocol but >> the >> nature of the messages sent over the connection. The port is a default >> but not a requirement, like ssh or ftp. For heaven's sake, I presented the evidence. Split hairs if you must. The simple fact is that many keyservers support requests on port 80, and keyserver.ubuntu.com doesn't for reasons that can make no technical sense. > > I think the point here is that the keyserver should handle requests on > port 80, even though the OP incorrectly called them "HTTP requests". No, I didn't "incorrectly" call them HTTP requests. As Martin says, HKP _is_ using HTTP _protocol_, so I strongly feel it should be permitted on HTTP _ports_. -- derek -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Remco wrote: > On Sun, Jun 7, 2009 at 5:55 AM, Martin Owens wrote: >> >>> No, it isn't. HTTP is by definition over port 80 - or perhaps 8080: >> >> Is it? I didn't think is was the port that defined the protocol but the >> nature of the messages sent over the connection. The port is a default >> but not a requirement, like ssh or ftp. > > For the record: > > http://keyserver.ubuntu.com:11371/ works in the browser. > NOT IF ITS FIREWALLED! -- derek -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: On apturls and repositories
Derek Broughton wrote: > Vincenzo Ciancia wrote: > > >> Il giorno sab, 06/06/2009 alle 23.55 -0400, Martin Owens ha scritto: >> >>> Is it? I didn't think is was the port that defined the protocol but >>> the >>> nature of the messages sent over the connection. The port is a default >>> but not a requirement, like ssh or ftp. >>> > > For heaven's sake, I presented the evidence. Split hairs if you must. The > simple fact is that many keyservers support requests on port 80, and > keyserver.ubuntu.com doesn't for reasons that can make no technical sense. > Ah, that is to make things challenging to push out Ubuntu in business environments just like how the Kubuntu team decided to pull the rug on KDE3.5.x after Hardy. Oh wait, Ubuntu is for home users only right? Sorry, could not resist. I cannot help but notice that it appears many Ubuntu/Kubuntu users seem to not understand what is going on with Ubuntu/Kubuntu. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss