Download | Devuan.org | Git | Bugs | Packages

The officially official Devuan Forum!

You are not logged in.

Pages: 1

#1 Re: News & Announcements » sources.list confusion. » 2020-01-28 11:46:31

Jens
mmaglis wrote:

So why not control the mirrors served by round-robin deb.devuan.org and demand HTTPS?
Or alternatively have two round-robins one serving HTTPS only and the other HTTP only.

Instead of deb.devuan.org: debs.devuan.org or deb-ssl. or deb-https.

Then every server needs the same certificate for deb-ssl.devuan.org or you get warnings/error about wrong certs.

Could there be a devuan (web/deb) server with ssl that provides for every package request a "Content moved temporary to https://dev.otherserver.org"?

Every server needs the same content, the same package versions and the same package list. That sounds more like a https proxy. Would it be less work for the devuan server to get just the https request for a package/packagelist, answer with a moved temporarily and the proxy answers with the data or requests the data from the devuan server and answers with the data.

#2 Re: News & Announcements » sources.list confusion. » 2020-01-26 11:07:04

Jens
mmaglis wrote:
Jens wrote:

* If you used https:// before, please change to http://.

Noted. I changed my sources.list from HTTPS to HTTP and I confirm package updates work correctly now with deb.devuan.org URL.

This, to a degree, is not secure/private.
Is there any plan to ever make HTTPS round-robin work with all mirrors?

Why is pkgmaster.devuan.org allowing connections from non-mirrors (e.g. clients)?
Isn't there or shouldn't be a kind of mirror registration process that would additionally check the quality of mirror configuration (e.g. certificate)?

In doubt: there are too few developers to to do the work. Though IMHO you are right, https is better.

#3 Re: News & Announcements » sources.list confusion. » 2020-01-26 10:08:17

Jens

* If you used https:// before, please change to http://.

#4 Re: News & Announcements » [package bump request] Youtube-dl » 2019-01-26 21:02:14

Jens

You can also copy it to ~/bin and write a nightly user cron job. I wrote a Howto in the debian wiki: https://wiki.debian.org/JensKorte/youtube-dl

Pages: 1

Board footer

Forum Software