[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: When should we https our mirrors?

There's nothing stopping mirror operators from enabling HTTPS. Some of them actually have done it already:
(and there's more in non-*.debian.org domains)

We should have an official list of HTTPS mirrors, and encourage more operators to enable it.

On a semi-unrelated note:

Some of ftp*.*.d.o and cdimage.d.o mirrors serve random free (and sometimes non-free) software that is not Debian[*]. This may mislead inexperienced people into thinking that this software is endorsed or even produced by Debian. Should we insist that only Debian is served from these domains?

[*] See e.g.: https://ftp.se.debian.org/

Jakub Wilk

Reply to: