[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: buildds: "Authentication warning overridden."

* Wouter Verhelst:

> That's inevitable because http://incoming.debian.org is not signed; The
> update frequency of that repository (which is available only to buildd
> hosts by IP and/or password protection) makes that impossible -- or at
> least that's what I understood; you may want to check with ftp-masters
> for the full story.

In this case, HTTPS should be used to download the packages, together
with proper certificate validation.  This has got the added benefit that
passwords aren't sent in the clear (well, unless an error occurs, but
this is a separate issue).

Reply to: