Re: Certificate failure on ftp.debian.au
On Sat, Sep 10, 2011 at 11:19:25PM +1000, Heddle Weaver wrote:
> On 10 September 2011 22:06, Dominik Bay <eimann@etherkiller.de> wrote:
> > On Sat, Sep 10, 2011 at 13:46, Heddle Weaver <weaver2world@gmail.com>
> > wrote:
> > > I haven't joined the list, but thought I should let somebody know.
> > > These are the lines I'm receiving through aptitude at present:
> > >
> > > root@192-168-1-1:/home/nomad# aptitude update
> > > Ign https://ftp.au.debian.org unstable InRelease
> >
> > Why are you using https in the first place?
>
> *http://tinyurl.com/427rzrm
Please don't use shortened urls ..
http://packages.debian.org/sid/apt-transport-https
> > If you want to use https,
>
> I do and the way the world's going, you're mad if you don't.
Integrity and authentication of packages are already achieved in Debian through
debian-archive-keyring package (which contains public gpg key used) and signed
checksums in the archive (by this same key).
> > you should take care of trusting certificates too.
>
> I do.
> I contacted the list because I thought there may be a problem.
> Apparently the situation is a maintenance one.
There is no https mirror in the list advertised and used in the Debian
installer.
So there is no check a https daemon running neither validity of SSL
certificates of mirrors.
The SSL certificate is appears to be auto-signed and generated for
mirror.linux.org.au, the hoster of ftp.au.d.o.
--
Simon Paillard
Reply to: