[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS for Debian archive mirrors, and CAA


On Tue Sep 19, 2017 at 01:15:03 +0800, Boyuan Yang wrote:
> 在 2017年9月18日星期一 CST 下午6:01:19,Julien Cristau 写道:
> The necessity of setting up https-enabled mirror sites has been discussed 
> several times before and there's no need to repeat it again here. Removing 
> such ability from ftp*.*.debian.org is a step backward, unfortunately.

This is not a step backwards but forwards.  The current situation is
even worse for end users. From time to time DSA needs to repoint
ftp.<CC>.debian.org to different machines. End users will then expect
https to work where-ever we point the mirror entry to. 

With https enabled, we can not do that unless we share certificates or
even private SSL keys among all mirrors, which nearly none of them we

Thus, this change improves the current situation, as end users will have
a defined working setup, which Debian can control.

 Martin Zobel-Helas <zobel@debian.org>    Debian System Administrator
 Debian & GNU/Linux Developer                       Debian Listmaster
 http://about.me/zobel                               Debian Webmaster
 GPG Fingerprint:  6B18 5642 8E41 EC89 3D5D  BDBB 53B1 AC6D B11B 627B 

Reply to: