在 2017年9月18日星期一 CST 下午6:01:19,Julien Cristau 写道: > Hi, > > the debian mirrors team needs to be able to point the > ftp.<CC>.debian.org aliases at different backends based on their status. > As such, the only service that is guaranteed to be available at these > names is HTTP. Offering HTTPS on these names means breakage whenever > they are pointed at a different mirror. > > Accordingly, we have set CAA records (RFC 6844) on the <CC>.debian.org > domains to disallow any certificate issuance, and we'd like to ask > mirror operators who were offering HTTPS under these names to stop doing > so. They are of course free to continue offering the service under a > non-debian.org domain name. > > Thanks, > Julien Sorry to hear that. That essentially means that all ftp*.*.debian.org domains will no longer be available via HTTPS. The necessity of setting up https-enabled mirror sites has been discussed several times before and there's no need to repeat it again here. Removing such ability from ftp*.*.debian.org is a step backward, unfortunately. P.S. I am aware that deb.debian.org provides https access. However, such CDN service is not working well in certain areas of the world, e.g., China mainland. Regards, Boyuan Yang
Attachment:
signature.asc
Description: This is a digitally signed message part.