Re: SSL on download1.rpmfusion.org
Hm ok by the time the email came to the ML, the ssl version of download1
is working :)
And Warren sent me another remark:
<warren> additionally, the rpmfusion GPG keys should be uploaded to the
key servers, with a few well known developers signing them
<warren> that way they're part of the Web of Trust strong set
<warren> right now there's no way to easily verify that the key the
website told you to use is the right one
This one i can't do anything about, i think
Le 23/09/2016 à 11:03, Gaël STEPHAN a écrit :
Guys,
Warren ( i guess some of you knows him ) pointed to me that the repo rpm
file was downloaded from a http server, not a https one, and well he has
a point. So i'm gonna make a cert on https://letsencrypt.org/ and setup
the https vhost for download1.rpmfusion.org.
I'll let you know when it's ok, so you can change the download link, and
maybe setup a rewrite so all http links become https ones.
If you have any concern or problem with this, please let me know!
Pix