[CentOS] Can't upgrade sssd-*

Fri Apr 2 14:46:05 UTC 2021
Johnny Hughes <johnny at centos.org>

On 4/1/21 12:32 PM, Warren Young wrote:
> On Mar 26, 2021, at 7:08 AM, Warren Young <warren at etr-usa.com> wrote:
>>
>> Is anyone else getting this on dnf upgrade?
>>
>> [MIRROR] sssd-proxy-2.3.0-9.el8.x86_64.rpm: Interrupted by header callback: Server reports Content-Length: 9937 but expected size is: 143980
> 
> The short reply size made me think to try a packet capture, and it turned out to be a message from the site’s “transparent” HTTP proxy, telling me that content’s blocked.
> 
> Rather than fight with site IT over the block list, I have a new question: is there any plan for getting HTTPS-only updates in CentOS?  Changing all “http” to “https” in my repo conf files just made the update stall, so I assume there are mirrors that are still HTTP-only.

No .. we host things on donated servers, we therefore are not putting
private keys on there.  That (and external mirrors) is why we SIGN
repodata.xml.  We just can't risk putting private keys for centos.org on
machines that are donated.
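
The integrity check that signed metadata makes possible over plain HTTP, as an added example that is not part of the original thread or CentOS code: once the repository metadata is authenticated, the size and checksum it records for each package reject a substituted body such as the proxy's 9937-byte block page. The package bytes, block page, `Packages/` path and metadata entry are constructed sample data, and verifying the metadata signature itself is assumed to have happened already.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"c": "http://linux.duke.edu/metadata/common"}
HREF = "Packages/sssd-proxy-2.3.0-9.el8.x86_64.rpm"  # path is constructed

# Constructed stand-ins: a fake 143980-byte "package" and the 9937-byte
# block page a transparent proxy might return in its place.
GOOD_RPM = b"\xed\xab\xee\xdb" + bytes(143976)
BLOCK_PAGE = b"<html>Content blocked</html>".ljust(9937)

# Constructed primary.xml entry. In a real repository this file's own
# checksum is listed in the signed metadata index, so it is assumed here
# to have been authenticated already.
PRIMARY_XML = f"""<metadata xmlns="http://linux.duke.edu/metadata/common">
  <package type="rpm">
    <name>sssd-proxy</name>
    <checksum type="sha256" pkgid="YES">{hashlib.sha256(GOOD_RPM).hexdigest()}</checksum>
    <size package="{len(GOOD_RPM)}"/>
    <location href="{HREF}"/>
  </package>
</metadata>"""

ALLOWED_ALGOS = {"sha256", "sha512"}

def expected_from_primary(primary_xml, href):
    """Return (size, algo, hexdigest) recorded for the package at href."""
    for pkg in ET.fromstring(primary_xml).findall("c:package", NS):
        if pkg.find("c:location", NS).get("href") == href:
            csum = pkg.find("c:checksum", NS)
            if csum.get("type") not in ALLOWED_ALGOS:
                raise ValueError("unsupported checksum type")
            size = int(pkg.find("c:size", NS).get("package"))
            return size, csum.get("type"), csum.text.strip()
    raise KeyError(href)

def verify_download(body, expected):
    """Check a downloaded body against authenticated metadata."""
    size, algo, digest = expected
    if len(body) != size:
        return f"size mismatch: got {len(body)}, expected {size}"
    if hashlib.new(algo, body).hexdigest() != digest:
        return "checksum mismatch"
    return "ok"

EXPECTED = expected_from_primary(PRIMARY_XML, HREF)
if __name__ == "__main__":
    for label, body in [("mirror", GOOD_RPM), ("proxy", BLOCK_PAGE)]:
        print(label, verify_download(body, EXPECTED))
```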