
[Popcon-developers] Bug#880121: popularity-contest: popcon-upload should be made to POST over https



On Sun, Oct 29, 2017 at 07:21:27PM +0100, Julien Cristau wrote:
> Package: popularity-contest
> Version: 1.64
> Severity: normal
> User: debian-admin at lists.debian.org
> Usertags: needed-by-DSA-Team
> X-Debbugs-Cc: debian-admin at lists.debian.org
> 
> Hi,
> 
> now that https://popcon.debian.org is a thing, we should update the
> client to POST on https (without certificate checking if you don't want
> to pull in that dependency?).

By design popcon must have minimal dependencies, otherwise results are
skewed.

> Then eventually, in a few (5+) years,
> stop supporting plain http uploads.

We still receive popcon submissions from popcon 1.25 released in 2004.
So we would likely receive http submissions until 2030.
At this stage the webserver will need to be compatible with
13-year-old crypto implementations used by popcon-upload from 2017.

Maybe I am overoptimistic, but OpenPGP seems to be simpler and moving
more slowly than TLS.

So it seems safer to stick with http + OpenPGP.

Cheers,
-- 
Bill. <ballombe at debian.org>

Imagine a large red swirl here. 


