Am 21.05.2014 18:01, schrieb Reindl Harald: > > > Am 21.05.2014 16:55, schrieb Kevin Fenzi: >> On Tue, 20 May 2014 22:47:12 +0200 >> Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote: >> >>> simple example: >>> >>> https://koji.fedoraproject.org/koji/buildinfo?buildID=516900 >>> >>> the page itself is encrypted >>> >>> *but* all the download-links are not >>> http://kojipkgs.fedoraproject.org//packages/gcc/4.8.2/18.fc20/src/gcc-4.8.2-18.fc20.src.rpm >>> >>> why? >> >> Well, until very recently, kojipkgs didn't offer https at all. >> >> We can look at switching the default, but then it means koji uses https >> to talk to kojipkgs (which I assure you it does more than any external >> downloading does), which might mean more overhead and slower builds > > no need to change the defaults > > IMHO it should not be that complicated to add the https:// prefix > only for webpage-output without changing internal defaults or if > that won't work for now if add the https:// in case of a wget > command would work at all looks like https://kojipkgs.fedoraproject.org/ supports SSL now sadly the download links are still http and so someone needs to copy the urls and change the prefix, as example https://koji.fedoraproject.org/koji/buildinfo?buildID=518996 BTW: https://koji.fedoraproject.org/ supports DHE ciphers while https://kojipkgs.fedoraproject.org/ don't and none of both AES-GCM https://addons.mozilla.org/de/firefox/addon/calomel-ssl-validation/
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
