Re: HTTPS metadata in Mirrors.masterlist?
On Sun, 9 Apr 2017, Bastian Blank wrote:
[ Dropped debian-boot from recipients ]
On Sun, Apr 09, 2017 at 12:07:33PM +0200, Axel Beckert wrote:
Peter Palfrader wrote:
Adding https just makes this a whole extra mess.
As outlined in my recent mail I don't think that it's that much of an
extra-effort once we track HTTPS in Mirrors.masterlist. And I
especially think the gain outweighs the additional effort.
Please describe a workflow that allows us to re-point ftp.*.debian.org at
will without intervention of the admin of the real system. No, Let's
Encrypt does not help, as this only allows to add live hostnames to
Well, if you accept a few minutes of downtime (i.e. horrible error
messages from apt), you can repoint and then ssh-trigger a certbot run
with adding another SAN. A bit on the hairy side to setup, and you'd still
get failures until the httpd has picked up the new cert. Also, you might
run into LE quota rules..