01/21/2012 03:28 PM, anonym: > 01/21/2012 03:21 PM, intrigeri: >> Thoughts before we merge this branch into stable and devel? > > No complaints from my side.
Now I have complaints :) It turns out your wget test from earlier in this test isn't bullet proof... unless you run squeeze (I run wheezy). Suqeeze's wget (1.12) produces cert errors for several of our new pool members. Most can be fixed by prefixing with www. I tried upgrading wget to unstable's wget (1.13.4 -- this also pulled libc6 libc-bin multiarch-support libgnutls26 libgpg-error libp11-kit0_ locales as deps from unstable) which made all of them work. Here are are the details: First of all, sarava.org seems to have issues at the moment. I get "Proxy tunneling failed: Couldn't connect: SOCKS error: host unreachable". I can't connect to it cleanly in the clear either. Let's ignore this one for now. Fixable (stupid cert errors): ----------------------------- PAL: 1984.is --> www.1984.is indymedia.org --> chavez.indymedia.org planet.squat.net --> squat.net www.boum.org --> boum.org NEUTRAL: mozilla.org --> www.mozilla.org stackexchange.com --> www.stackexchange.com FOE: www.tumblr.com --> tumblr.com If you try wget:ing tumblr.com it will result in some redirects and then an error, but it still works in htpdate. Not fixable (except by upgrading wget): --------------------------------------- PAL: www.ccc.de www.nadir.org Bot of these yields an error like this: ERROR: cannot verify www.ccc.de’s certificate, issued by “/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root”: Unable to locally verify the issuer’s authority. (BTW, htpdate reports the error "Could not get any Date header" for all different kinds of cert errors I've encountered, which is a bit misleading. "Could not verify SSL certificate" would be more honest.) Since fetching wget (and its deps in particular) from unstable likely is out of the question, I guess we have to update the hostnames as detailed above, and find two new PALs (or three in case sarava.org doesn't get its act together). Potential replacements (tested!): * www.i2p2.de * epic.org * www.privacyinternational.org Otherwise I must say that feature/more_resilient_htpdate seem to work perfectly now. Cheers!
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
