[CentOS-devel] TLS/https for {buildlogs,cloud}.centos.org

Mon Jan 23 13:04:14 UTC 2017
Fabian Arrotin <arrfab at centos.org>

Hi,

Last week we enabled https for buildlogs.centos.org and
cloud.centos.org, but we haven't (yet) enforced the redirection.

So both are available over http:// and https://

For buildlogs, as we already have redirection in place (RewriteRules)
for content to the backend (see
https://lists.centos.org/pipermail/centos-devel/2016-March/014552.html)
, we can enforce the redirection without any issue (and good news is
that the CDN backend also support https so it will be https end-to-end),
so I'll implement the additional http=>https redirect soon

My only concern is about doing the same for cloud.centos.org as we have
no ideas about how people are "consuming" those images (and the wrapper
script they use around it). As mentioned in the previous mail wrt
buildlogs, people using wget will not suffer from the redirection, but
people using curl can be impacted (if used without --location)

Searching so for comments/opinions and if no real impact, we can start
the automatic redirection in the next two weeks. (after having sent a
mail to the -announce first)

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20170123/3dd3e407/attachment-0007.sig>