You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#2 Yesterday 18:16:30
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 2,860
Re: Question about https://deb.devuan.org/
Don't use https with deb.devuan.org. It's a round-robin and not all mirrors support https. If you go to http://deb.devuan.org you'll see the same page as https://pkgmaster.devuan.org.
If you feel a need to use https in your sources.list, you'll need to select a specific mirror that supports it.
I got this explanation from someone else:
Normally sources.list uses http:// protocol not https:// protocol and the mirrors *if* they were to use https would require distributing the certificates to all of the mirrors. Not practical. And the signed Releases file was designed before https and protects the integrity of the transfers without needing https.
Offline
#3 Today 06:30:21
Re: Question about https://deb.devuan.org/
Does this mean opening the first vhost on port 443 is normal behavior when opening https://deb.devuan.org?
In my opinion, the mirror is configured incorrectly.
I expect to see deb.devuan.org, a redirect to http://deb.devuan.org, or nothing when opening https://deb.devuan.org, but I see the first website I come across on the same hosting.
In my opinion, this isn't normal.
Offline
#4 Today 11:34:44
- RedGreen925
- Member
- Registered: 2024-12-07
- Posts: 293
Re: Question about https://deb.devuan.org/
In my opinion, this isn't normal.
It is normal for apt everything is signed with the official Debian or in this case Devuan gpg keys. This provides the security in knowing you are getting exactly what was uploaded to the mirrors. If the signatures do not match apt errors and will not install from that mirror. If that is not good enough for your security needs then do not use it or pony up the cash and effort to make every single mirror capable of supporting SSL over the http connection(s).
Offline
Pages: 1
