[CentOS-devel] Source code missing, and insecure delivery pages linked
Rich Bowen
rbowen at redhat.comTue Feb 9 14:10:00 UTC 2021
- Previous message: [CentOS-devel] Source code missing, and insecure delivery pages linked
- Next message: [CentOS-devel] Source code missing, and insecure delivery pages linked
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2/9/21 1:09 AM, Chris Drake wrote: > 1. Your info page here: > > https://wiki.centos.org/FAQ/CentOSStream#Where_is_the_source_code.3F > <https://wiki.centos.org/FAQ/CentOSStream#Where_is_the_source_code.3F> > > links to an insecure download resource: > http://mirror.centos.org/centos/8-stream/ > <http://mirror.centos.org/centos/8-stream/> As a question that gets asked several times a year, it would be great if someone could update that entry on the wiki (or perhaps link to somewhere that it's been addressed) to reflect *why* this is http and https? In short, it's because downloads are hosted on a mirror network, where we cannot mandate that every mirror node run SSL/TLS. Well, I suppose we *could*, but traditionally we have not done so, as the additional requirement is likely to reduce the number of willing participants in that mirror network.
- Previous message: [CentOS-devel] Source code missing, and insecure delivery pages linked
- Next message: [CentOS-devel] Source code missing, and insecure delivery pages linked
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-devel mailing list