[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS metadata in Mirrors.masterlist?

On 05/10/2017 10:50 AM, Julien Cristau wrote:
> On 05/10/2017 10:36 AM, Axel Beckert wrote:
>> Hi,
>>
>> Bastian Blank wrote:
>>> On Sun, Apr 09, 2017 at 12:07:33PM +0200, Axel Beckert wrote:
>>>> Peter Palfrader wrote:
>>>>> Adding https just makes this a whole extra mess.
>>>> As outlined in my recent mail I don't think that it's that much of an
>>>> extra-effort once we track HTTPS in Mirrors.masterlist. And I
>>>> especially think the gain outweighs the additional effort.
>>>
>>> Please describe a workflow that allows us to re-point ftp.*.debian.org at
>>> will without intervention of the admin of the real system.
>>
>> IIRC I outlined this before: A wild card certificate for
>> ftp.*.debian.org (or ftp*.*.debian.org as there are hostnames like
>> ftp2.de.debian.org out there) on those DSA-controlled machines like
>> kassia which work as temporary replacement.
>>
> In most cases those temporary replacements aren't DSA-controlled machines.
> 
Not to mention that multi-wildcard or
wildcard-not-in-the-leftmost-component is fishy, if it even works at all.

Cheers,
Julien
Reply to: