SSL on download1.rpmfusion.org
Gaël STEPHAN
pix at offmysoul.me
Fri Sep 23 11:26:52 CEST 2016
Hm ok by the time the email came to the ML, the ssl version of download1
is working :)
And Warren sent me another remark:
<warren> additionally, the rpmfusion GPG keys should be uploaded to the
key servers, with a few well known developers signing them
<warren> that way they're part of the Web of Trust strong set
<warren> right now there's no way to easily verify that the key the
website told you to use is the right one
This one i can't do anything about, i think
Le 23/09/2016 à 11:03, Gaël STEPHAN a écrit :
> Guys,
>
> Warren ( i guess some of you knows him ) pointed to me that the repo rpm
> file was downloaded from a http server, not a https one, and well he has
> a point. So i'm gonna make a cert on https://letsencrypt.org/ and setup
> the https vhost for download1.rpmfusion.org.
>
> I'll let you know when it's ok, so you can change the download link, and
> maybe setup a rewrite so all http links become https ones.
>
> If you have any concern or problem with this, please let me know!
>
> Pix
>
More information about the rpmfusion-developers
mailing list