Re: buildds: "Authentication warning overridden."

To: debian-devel@lists.debian.org
Subject: Re: buildds: "Authentication warning overridden."
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 11 Nov 2007 13:27:14 +0100
Message-id: <[🔎] 87y7d5rmql.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20071110161022.GE4909@country.grep.be> (Wouter Verhelst's message of "Sat, 10 Nov 2007 17:10:22 +0100")
References: <[🔎] fh2vdq$77g$1@ger.gmane.org> <[🔎] 20071110161022.GE4909@country.grep.be>

* Wouter Verhelst:

> That's inevitable because http://incoming.debian.org is not signed; The
> update frequency of that repository (which is available only to buildd
> hosts by IP and/or password protection) makes that impossible -- or at
> least that's what I understood; you may want to check with ftp-masters
> for the full story.

In this case, HTTPS should be used to download the packages, together
with proper certificate validation.  This has got the added benefit that
passwords aren't sent in the clear (well, unless an error occurs, but
this is a separate issue).

Reply to:

Follow-Ups:
- Re: buildds: "Authentication warning overridden."
  - From: Steve Langasek <vorlon@debian.org>
- Re: buildds: "Authentication warning overridden."
  - From: Bastian Blank <waldi@debian.org>
- Re: buildds: "Authentication warning overridden."
  - From: Ian Jackson <ian@davenant.greenend.org.uk>

References:
- buildds: "Authentication warning overridden."
  - From: Raphael Geissert <atomo64+debian@gmail.com>
- Re: buildds: "Authentication warning overridden."
  - From: Wouter Verhelst <wouter@debian.org>

Prev by Date: Re: buildds: "Authentication warning overridden."
Next by Date: Re: Long-term mass bug filing for crossbuild support
Previous by thread: Re: buildds: "Authentication warning overridden."
Next by thread: Re: buildds: "Authentication warning overridden."
Index(es):
- Date
- Thread