Re: HTTPS metadata in Mirrors.masterlist?
On Tue, Feb 11, 2014 at 05:22:26PM +0100, Matus UHLAR - fantomas wrote:
> On 11.02.14 15:56, Colin Watson wrote:
> >All I have left to say is that the admins in question are my customers,
>
> so, the company is not your customer, but its admins are?
Oh, whatever. I'm not interested in this kind of word game.
> >I've already exhausted all the avenues of protest you suggest, and they
> >still tell me this is something they need. Based on the work I've done
> >so far I don't think this is a particularly onerous thing to support in
> >d-i at least as an option, I'm prepared to do the work, and all I'm
> >asking for here is a bit of metadata in the mirror masterlist. If the
> >latter can't be provided because we don't think Debian mirrors will
> >accept the load or whatever, that's fine, I can always make it
> >manual-only or whatever, but at this point it is easier for me to
> >support HTTPS than to argue about it. :-)
>
> You can of course configure HTTPS on your server.
It's their server, not mine.
> MAybe you could configure HTTPS proxy for them. Finally, if they are
> your customers, it's up to you to provide the servicem isn't it?
Which is what I'm doing by doing this work in d-i! Of course I could
just do it in Ubuntu but it seems better to have the code in Debian too;
it can always be mostly disabled by default so that only people who want
to turn it on need to care.
> Note that HTTPS clients verify the servers' certificate and multiple debian
> mirrors with different hostnames can not have the same certificate, nor it's
> sane to maintain different certificates for each hostname on each mirror ...
Well aware of that, thanks.
--
Colin Watson [cjwatson@debian.org]
Reply to: