emdete | de.deb.devuan.org presents a cert for pkgmaster.devuan.org... is that known / intended / ? | 17:37 |
---|---|---|
gnarface | emdete: i'm not sure https is officially supported for repos | 17:51 |
emdete | gnarface: oups... thats bad news | 17:55 |
Jjp137 | iirc HTTPS isn't supported for deb.devuan.org | 17:55 |
Jjp137 | if you need HTTPS, I think you can pick a mirror from here: https://pkgmaster.devuan.org/mirror_list.txt | 17:55 |
Jjp137 | ...and use it directly | 17:55 |
emdete | nowadays https isnt rocketsience, why isnt it supported? | 17:57 |
Jjp137 | ...well there's the whole "is HTTPS necessary for apt" debate that I won't repeat here | 17:58 |
Jjp137 | I'm not too knowledgeable about it myself | 17:58 |
gnarface | emdete: some of the mirrors are properly configured to handle it, some of them are not. the decision was made (because it is not required for apt) not to put the burden of maintenance on the volunteer mirror donors. | 17:59 |
gnarface | emdete: keep in mind packages will be checksummed and signed, so you lose privacy but not package validation | 18:01 |
gnarface | if you need it though, yea you'll just have to figure out which ones work, and pick a specific individual one | 18:01 |
gnarface | it's a problem that will likely be fixed in the future but i don't think they're really putting a high priority on it | 18:02 |
emdete | i struggled over it because my provider tampers with http traffic. after switching to https it works but i found that bug. i wonder if it is not supported why its provided wrongly... | 18:08 |
emdete | so its not only privacy but as well protection against weird providers... :/ | 18:09 |
Evilham | where are you based mdt? | 18:53 |
Evilham | it is true that HTTPS is no rocket science these days, but it is tricky when you don't have full control over the mirrors, which is the case here | 18:54 |
Evilham | they are provided voluntarily by different institutions and they help distribute the bandwidth and load | 18:54 |
Evilham | the way debian is doing HTTPS mirrors is by using a commercial CDN that provides them that service for free | 18:55 |
Evilham | in devuan that's not happening, so https is supported by some mirrors, but not under deb.devuan.org | 18:55 |
KatolaZ | emdete: it's not a matter of being rocket science | 18:58 |
KatolaZ | it's a matter of distributing certs to third parties... | 18:59 |
Evilham | mdt: if you want/have to use HTTPS, currently your best bet is to check the package mirror list, pick one that is relatively close to you and set that up in your sources.list. The full list is here: http://pkgmaster.devuan.org/mirror_list.txt | 18:59 |
emdete | evilham: i'm based in germany in an area with quite bad infrastructure so i have to use LTE/4G which earns some "enhancements" from the provider. so http traffic is filtered and `apt` complained about it | 19:23 |
emdete | evilham: will do. it was more couriosity and no complain at all | 19:24 |
emdete | KatolaZ: so its a dns round robin? cant a redir be done so a different cert could be used? | 19:25 |
KatolaZ | uh? | 19:26 |
KatolaZ | it's a dns rr | 19:26 |
KatolaZ | there is little point in having 15 mirrors and still let all the traffic pass through a single server... | 19:28 |
KatolaZ | emdete: just use pkgmaster.devuan.org via https | 19:31 |
KatolaZ | or any of the other mirrors which support https | 19:32 |
emdete | KatolaZ: a redir (302) wont pass the traffic through the single server, it would just receive the initial requests - you could have one doing only that | 19:36 |
emdete | maybe with some geoip logic to find the nearest - i'm not in that repo business, just a thought 😉 | 19:37 |
KatolaZ | emdete: 302 is bad | 19:37 |
KatolaZ | what of a mirror is down? | 19:37 |
KatolaZ | ... | 19:37 |
KatolaZ | anyway the 302 still requires all the reqs to go through the single server | 19:39 |
KatolaZ | emdete: 302 is URL-based anyway... | 19:41 |
Evilham | mdt: not actually true :-D we tried that, apt won't play well with that | 19:43 |
Evilham | it does follow 302's, it just doesn't remember them | 19:44 |
KatolaZ | Evilham: 302 is a temporary redirect anyway | 19:45 |
KatolaZ | it's URL-based | 19:45 |
Evilham | of course, but mdt assumption *would* make sense up to a point, if apt followed the *first* redirect then used that as a $ARCHIVE_ROOT for all following connections, it *would be* a way to implement apt, but it's *not* defined to work that way, you know that, I know that, I am explaining why what can sound logical at first, is actually not doable | 19:50 |
KatolaZ | oh ok :) | 19:52 |
KatolaZ | I thought that was clear to everybody :) | 19:52 |
Evilham | not everybody who uses apt has needed to read how repositories are defined, so it is a tempting assumption to make | 19:54 |
emdete | KatolaZ: but thank you for explanation... so much to learn, so little time 🙂 | 20:24 |
KatolaZ | emdete: don't mention :) | 20:38 |
Bjornn | I didn't notice it before but battery power indicator shows 0 now with the upgrade to ascii. That's on cinnamon. | 20:38 |
Bjornn | I might need to use a different de | 20:38 |
KatolaZ | we are all under time pressure, unfortunately | 20:38 |
watchcat | cinnamon always seemed pretty buggy to me. | 20:47 |
Bjornn | not compatible with ascii now for the most part it seems. | 23:05 |
buZz | Bjornn: you could just install gkrellm or conky | 23:22 |
buZz | and add its status output to your cinnamon | 23:22 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!