On 2/9/21 3:48 PM, Chris Drake wrote:
Your Wkii page here:
https://wiki.centos.org/FAQ/CentOSStream#Where_is_the_source_code.3F https://wiki.centos.org/FAQ/CentOSStream#Where_is_the_source_code.3F
After discussion in which it was confirmed that TLS *could* be implemented "but traditionally we have not done so", was just updated by Manuel Wolfshant with the following lie:-
/Note: downloads are hosted on a mirror network, where we cannot mandate that every mirror node runs SSL/TLS, hence using regular http and not enforcing https/
False statements are disgusting to begin with, but ones that attempt to excuse the lazy decision to put all CentOS customers at risk are totally unacceptable. LE is free and easy to use and setup - it's a no-brainer to fix this problem, assuming someone isn't getting a kickback from some 3-letter-agency to leave this exploitable security hole open ?
This kind of personal attack on our trusted, respected community members is simply not acceptable on this list.
Perhaps you would like to reach out to each of our mirror hosts and help them get LE set up on each of their servers?