[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: buildds: "Authentication warning overridden."

On Sun, Nov 11, 2007 at 09:24:12AM -0800, Steve Langasek wrote:
> On Sun, Nov 11, 2007 at 01:27:14PM +0100, Florian Weimer wrote:
> > * Wouter Verhelst:
> 
> > > That's inevitable because http://incoming.debian.org is not signed; The
> > > update frequency of that repository (which is available only to buildd
> > > hosts by IP and/or password protection) makes that impossible -- or at
> > > least that's what I understood; you may want to check with ftp-masters
> > > for the full story.
> 
> > In this case, HTTPS should be used to download the packages, together
> > with proper certificate validation.  This has got the added benefit that
> > passwords aren't sent in the clear (well, unless an error occurs, but
> > this is a separate issue).
> 
> I believe the Packages file is only exposed over ssh

It's received over http.  The only thing ssh is used for is talking
to wanna-build.


Kurt
Reply to: