You are not logged in.
@mmaglis . . . Thanks for taking the initiative to find that. I knew it existed and was going to suggest searching for it but thought better of it since I was not inclined to do so myself. IIUC (that's certainly not a given), all the packages are signed so should be secure even without https.
Offline
Ideas?
Firewall?
And I think this should have it's own thread, hi-jacking an official announcement thread seems a bit rude.
Brianna Ghey — Rest In Power
Offline
Note that the apt-transport-https package is needed to take advantage of https sources.
this is only required in ascii. since apt >1.5 (beowulf) it's already included in apt, and that package is just transitional & can go away
Offline
tails uses only https iirc : https://tails.boum.org/contribute/how/mirror/
and their RR still fails, just like devuan : eg. https://dl.amnesia.boum.org/
that makes sense, otherwise devuan would have to share private keys with mirrors, which is of course out of the question.
about https://deb.debian.org , i think it only has one -sponsored- mirror and that's why it works ok.
in all mirror cases i've seen so far, if you want to use apt through https, pick a mirror that supports it..
Offline
Hear ye, hear ye intrepid Devuan users!!
Please use deb.devuan.org in your sources list with http NOT https. It is a round-robin of all available Devuan package mirrors.
...
Finally . . . all Devuan mirrors pull from pkgmaster.devuan.org so please do not add extra load by using it in your sources.list. Use the round-robin - deb.devuan.org - instead.golinux
I made today a fresh install using the devuan_chimaera_4.0.0_amd64_netinstall.iso,
devuan_chimaera_4.0.0_amd64_netinstall.iso 12-Oct-2021 10:48 372M
My /etc/apt/sources.list contains 2 lines after the install
deb http://pkgmaster.devuan.org/merged chimaera-security main contrib non-free
deb-src http://pkgmaster.devuan.org/merged chimaera-security main contrib non-free
all other lines in the file point to deb.devuan.org
So this should be fixed, as it introduces confusion and additional load on my apt-proxy, which creates a new directory for this.
It should be fixed at least for daedalus.
BR
Last edited by bai4Iej2need (2023-05-14 09:15:55)
The devil, you know, is better than the angel, you don't know. by a British Citizen, I don't know too good.
One generation abandons the enterprises of another like stranded vessels. By Henry David Thoreau, WALDEN, Economy. Line 236 (Gutenberg text Version)
broken by design :
https://bugs.debian.org/cgi-bin/bugrepo … bug=958390
Offline