Bug#991972: More information

To: Xan Charbonnet <xan@charbonnet.com>, 991972@bugs.debian.org
Cc: Debian WWW Team <debian-www@lists.debian.org>
Subject: Bug#991972: More information
From: Tomas Pospisek <tpo_deb@sourcepole.ch>
Date: Fri, 20 Aug 2021 16:31:02 +0200 (CEST)
Message-id: <[🔎] 9324347b-76d4-6733-378d-9ec0fb851ba7@sourcepole.ch>
Reply-to: Tomas Pospisek <tpo_deb@sourcepole.ch>, 991972@bugs.debian.org
In-reply-to: <[🔎] a9e29f8f-5323-0cd7-0c51-fc7211e0560d@charbonnet.com>
References: <2cf6d0ac-a12a-c176-a549-e19e1219effd@sourcepole.ch> <[🔎] 0923b48e-7d24-b964-bbd7-a829f7a18511@charbonnet.com> <handler.991972.D991972.162833346218047.notifdone@bugs.debian.org> <[🔎] 0923b48e-7d24-b964-bbd7-a829f7a18511@charbonnet.com> <[🔎] a9e29f8f-5323-0cd7-0c51-fc7211e0560d@charbonnet.com> <[🔎] 0923b48e-7d24-b964-bbd7-a829f7a18511@charbonnet.com>

So I'm not sure what to do about this ticket.

The current situation is:

* we have backports.org - which does *not* belong to Debian
* when accessing it, some variations of the URL get forwarded to
  https://backports.debian.org/ and some break in various way

My opinion on this is: let's let the backports.org URL die or be brokenlike it is. If people notice then let them manually switch the URL theyuse to https://backports.debian.org/.


*t

On Sun, 15 Aug 2021, Xan Charbonnet wrote:

Sorry, I should have checked this on more than one browser before reporting.
For some reason my ancient Firefox profile, when I browse to "backports.org",redirects to https://www.backports.org/. Perhaps this was a cached permanentredirect, or something to do with HSTS.
On a naive profile (with seemingly any browser), browsing to "backports.org"fails, because backports.org has no A record. Not terribly friendly but nota problem. It sounds like your browser has some memory that pointsbackports.org to backports.debian.org. A naive browser has no way to returnanything for https://backports.org/ or http://backports.org/.
www.backports.org does have a CNAME record: it points tobackports.debian.org, which seems to have the same IP address as debian.org.Browsing to http://www.backports.org/ is successful: the Debian webserverredirects the request to https://backports.debian.org/, and when accessed viathat name, the Debian webserver correctly serves the backports page.
However, when you browse to https://www.backports.org/ (note the secureprotocol), that's when it breaks. The Debian webserver defaults to servingthe Debian homepage, complete with the TLS certificate for debian.org. Thiscauses a nasty security error in the browser, and if bypassed, results in theDebian homepage loading at https://www.backports.org/ rather than theBackports page.
The only remaining mystery is why my Firefox profile is handling"backports.org" the way it is. I'm trying to figure out how to diagnosethat, but it doesn't seem like there's much visibility to that kind of thing.It could be something that affects everybody who visited backports.org duringa particular timeframe.
--
To unsubscribe, send mail to 991972-unsubscribe@bugs.debian.org.

Reply to:

Follow-Ups:
- Re: Bug#991972: More information
  - From: Xan Charbonnet <xan@charbonnet.com>

References:
- Bug#991972: backports.org invalid certificate
  - From: Xan Charbonnet <xan@charbonnet.com>
- Bug#991972: More information
  - From: Xan Charbonnet <xan@charbonnet.com>

Prev by Date: Re: pootle at ddtp
Next by Date: [DebianWiki] Bullseye wiki update with new color scheme
Previous by thread: Bug#991972: More information
Next by thread: Re: Bug#991972: More information
Index(es):
- Date
- Thread