Re: HTTPS for Debian archive mirrors, and CAA

To: Boyuan Yang <073plan@gmail.com>
Cc: debian-mirrors@lists.debian.org
Subject: Re: HTTPS for Debian archive mirrors, and CAA
From: Martin Zobel-Helas <zobel@debian.org>
Date: Mon, 18 Sep 2017 19:52:41 +0200
Message-id: <[🔎] 20170918175241.ba6rv2jddihstjpg@ftbfs.de>
In-reply-to: <[🔎] 1697460.KneJQSWtUh@hosiet-tp>
References: <20170918160119.ngfqjjdobhbuzzw7@betterave.cristau.org> <[🔎] 1697460.KneJQSWtUh@hosiet-tp>

Hi, 

On Tue Sep 19, 2017 at 01:15:03 +0800, Boyuan Yang wrote:
> 在 2017年9月18日星期一 CST 下午6:01:19，Julien Cristau 写道：
> The necessity of setting up https-enabled mirror sites has been discussed 
> several times before and there's no need to repeat it again here. Removing 
> such ability from ftp*.*.debian.org is a step backward, unfortunately.

This is not a step backwards but forwards.  The current situation is
even worse for end users. From time to time DSA needs to repoint
ftp.<CC>.debian.org to different machines. End users will then expect
https to work where-ever we point the mirror entry to. 

With https enabled, we can not do that unless we share certificates or
even private SSL keys among all mirrors, which nearly none of them we
control.

Thus, this change improves the current situation, as end users will have
a defined working setup, which Debian can control.

Cheers,
Martin
-- 
 Martin Zobel-Helas <zobel@debian.org>    Debian System Administrator
 Debian & GNU/Linux Developer                       Debian Listmaster
 http://about.me/zobel                               Debian Webmaster
 GPG Fingerprint:  6B18 5642 8E41 EC89 3D5D  BDBB 53B1 AC6D B11B 627B

Reply to:

References:
- Re: HTTPS for Debian archive mirrors, and CAA
  - From: Boyuan Yang <073plan@gmail.com>

Prev by Date: Re: HTTPS for Debian archive mirrors, and CAA
Next by Date: Re: Re: HTTPS for Debian archive mirrors, and CAA
Previous by thread: Re: HTTPS for Debian archive mirrors, and CAA
Next by thread: Re: HTTPS for Debian archive mirrors, and CAA
Index(es):
- Date
- Thread