[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS for Debian archive mirrors, and CAA

在 2017年9月18日星期一 CST 下午6:01:19,Julien Cristau 写道:
> Hi,
> the debian mirrors team needs to be able to point the
> ftp.<CC>.debian.org aliases at different backends based on their status.
> As such, the only service that is guaranteed to be available at these
> names is HTTP.  Offering HTTPS on these names means breakage whenever
> they are pointed at a different mirror.
> Accordingly, we have set CAA records (RFC 6844) on the <CC>.debian.org
> domains to disallow any certificate issuance, and we'd like to ask
> mirror operators who were offering HTTPS under these names to stop doing
> so.  They are of course free to continue offering the service under a
> non-debian.org domain name.
> Thanks,
> Julien

Sorry to hear that. That essentially means that all ftp*.*.debian.org domains 
will no longer be available via HTTPS.

The necessity of setting up https-enabled mirror sites has been discussed 
several times before and there's no need to repeat it again here. Removing 
such ability from ftp*.*.debian.org is a step backward, unfortunately.

P.S. I am aware that deb.debian.org provides https access. However, such CDN 
service is not working well in certain areas of the world, e.g., China 

Boyuan Yang

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: