[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS metadata in Mirrors.masterlist?

On Sun, 9 Apr 2017, Bastian Blank wrote:

[ Dropped debian-boot from recipients ]

On Sun, Apr 09, 2017 at 12:07:33PM +0200, Axel Beckert wrote:
Peter Palfrader wrote:
Adding https just makes this a whole extra mess.
As outlined in my recent mail I don't think that it's that much of an
extra-effort once we track HTTPS in Mirrors.masterlist. And I
especially think the gain outweighs the additional effort.

Please describe a workflow that allows us to re-point ftp.*.debian.org at
will without intervention of the admin of the real system.  No, Let's
Encrypt does not help, as this only allows to add live hostnames to

Well, if you accept a few minutes of downtime (i.e. horrible error messages from apt), you can repoint and then ssh-trigger a certbot run with adding another SAN. A bit on the hairy side to setup, and you'd still get failures until the httpd has picked up the new cert. Also, you might run into LE quota rules..

/Mattias Wadenstein

Reply to: