libera/#devuan/ Sunday, 2019-03-24

emdetede.deb.devuan.org presents a cert for pkgmaster.devuan.org... is that known / intended / ?17:37
gnarfaceemdete: i'm not sure https is officially supported for repos17:51
emdetegnarface: oups... thats bad news17:55
Jjp137iirc HTTPS isn't supported for deb.devuan.org17:55
Jjp137if you need HTTPS, I think you can pick a mirror from here: https://pkgmaster.devuan.org/mirror_list.txt17:55
Jjp137...and use it directly17:55
emdetenowadays https isnt rocketsience, why isnt it supported?17:57
Jjp137...well there's the whole "is HTTPS necessary for apt" debate that I won't repeat here17:58
Jjp137I'm not too knowledgeable about it myself17:58
gnarfaceemdete: some of the mirrors are properly configured to handle it, some of them are not.  the decision was made (because it is not required for apt) not to put the burden of maintenance on the volunteer mirror donors.17:59
gnarfaceemdete: keep in mind packages will be checksummed and signed, so you lose privacy but not package validation18:01
gnarfaceif you need it though, yea you'll just have to figure out which ones work, and pick a specific individual one18:01
gnarfaceit's a problem that will likely be fixed in the future but i don't think they're really putting a high priority on it18:02
emdetei struggled over it because my provider tampers with http traffic. after switching to https it works but i found that bug. i wonder if it is not supported why its provided wrongly...18:08
emdeteso its not only privacy but as well protection against weird providers... :/18:09
Evilhamwhere are you based mdt?18:53
Evilhamit is true that HTTPS is no rocket science these days, but it is tricky when you don't have full control over the mirrors, which is the case here18:54
Evilhamthey are provided voluntarily by different institutions and they help distribute the bandwidth and load18:54
Evilhamthe way debian is doing HTTPS mirrors is by using a commercial CDN that provides them that service for free18:55
Evilhamin devuan that's not happening, so https is supported by some mirrors, but not under deb.devuan.org18:55
KatolaZemdete: it's not a matter of being rocket science18:58
KatolaZit's a matter of distributing certs to third parties...18:59
Evilhammdt: if you want/have to use HTTPS, currently your best bet is to check the package mirror list, pick one that is relatively close to you and set that up in your sources.list. The full list is here: http://pkgmaster.devuan.org/mirror_list.txt18:59
emdeteevilham: i'm based in germany in an area with quite bad infrastructure so i have to use LTE/4G which earns some "enhancements" from the provider. so http traffic is filtered and `apt` complained about it19:23
emdeteevilham: will do. it was more couriosity and no complain at all19:24
emdeteKatolaZ: so its a dns round robin? cant a redir be done so a different cert could be used?19:25
KatolaZuh?19:26
KatolaZit's a dns rr19:26
KatolaZthere is little point in having 15 mirrors and still let all the traffic pass through a single server...19:28
KatolaZemdete: just use pkgmaster.devuan.org via https19:31
KatolaZor any of the other mirrors which support https19:32
emdeteKatolaZ: a redir (302) wont pass the traffic through the single server, it would just receive the initial requests - you could have one doing only that19:36
emdetemaybe with some geoip logic to find the nearest - i'm not in that repo business, just a thought 😉19:37
KatolaZemdete: 302 is bad19:37
KatolaZwhat of a mirror is down?19:37
KatolaZ...19:37
KatolaZanyway the 302 still requires all the reqs to go through the single server19:39
KatolaZemdete: 302 is URL-based anyway...19:41
Evilhammdt: not actually true :-D we tried that, apt won't play well with that19:43
Evilhamit does follow 302's, it just doesn't remember them19:44
KatolaZEvilham: 302 is a temporary redirect anyway19:45
KatolaZit's URL-based19:45
Evilhamof course, but mdt  assumption *would* make sense up to a point, if apt followed the *first* redirect then used that as a $ARCHIVE_ROOT for all following connections, it *would be* a way to implement apt, but it's *not* defined to work that way, you know that, I know that, I am explaining why what can sound logical at first, is actually not doable19:50
KatolaZoh ok :)19:52
KatolaZI thought that was clear to everybody :)19:52
Evilhamnot everybody who uses apt has needed to read how repositories are defined, so it is a tempting assumption to make19:54
emdeteKatolaZ: but thank you for explanation... so much to learn, so little time 🙂20:24
KatolaZemdete: don't mention :)20:38
BjornnI didn't notice it before but battery power indicator shows 0 now with the upgrade to ascii. That's on cinnamon.20:38
BjornnI might need to use a different de20:38
KatolaZwe are all under time pressure, unfortunately20:38
watchcatcinnamon always seemed pretty buggy to me.20:47
Bjornnnot compatible with ascii now for the most part it seems.23:05
buZzBjornn: you could just install gkrellm or conky23:22
buZzand add its status output to your cinnamon23:22

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!