Hi,
intrigeri:
> I'd like to propose this mitigation:
> Use only outgoing HTTPS connections if the remote peer can be
> correctly authenticated using a certificate signed by Let's Encrypt
Here's a first proof-of-concept on the 932570-pin-LetsEncrypt-CA
branch on https://salsa.debian.org/intr
intrigeri writes ("Bug#932570: dgit should pin to the LE CA for ftpmasterapi"):
> Hi,
Hi to you!
> What do you think?
Yay! Wow! Also it is 0230 and I need to sleep :-).
Will produce more err focused response tomorrow.
Ian.
--
Ian JacksonThese opinions are my own.
intrigeri writes ("Bug#932570: dgit should pin to the LE CA for ftpmasterapi"):
> Here's a first proof-of-concept on the 932570-pin-LetsEncrypt-CA
> branch on https://salsa.debian.org/intrigeri/dgit.
Hi. Thanks a lot.
I have looked at your mail and code in detail now.
Ian Jackson writes ("Re: Bug#932570: dgit should pin to the LE CA for
ftpmasterapi"):
> If I had done this I might well do:
> 1. split up api_query into api_query_raw that doesn't do
> decode json, which is called by a small new api_query
> 2. make cmd_archive_
Hi Ian,
Ian Jackson:
> We spoke yesterday about the testing of this, and you mentioned some
> Perl test https server. Can you remind me of the Perl module name ?
I've had good experiences with the HTTP::Server::Simple family
(e.g. HTTP::Server::Simple::Static and HTTP::Server::Simple::CGI):
git
For now, I wanted to document my progress so far.
I have a branch which contains an test which runs a mockup http server
(thanks to intrigeri for recommendations etc.) and runs an
ftpmasterapi command against it to check things are working.
The work which remains to be done is:
1. Write test cas
6 matches
Mail list logo
