On 7/31/19 12:05 PM, Nicolas Mailhot via devel wrote: > Le mercredi 31 juillet 2019 à 12:25 -0500, Jason L Tibbitts III a > écrit : >>>>>>> "KF" == Kevin Fenzi <kevin@xxxxxxxxx> writes: >> >> KF> * If you use metalinks, rpm signatures are just gravy on top, in >> the >> KF> end you are still just trusing SSL CA's. >> >> Only if you trust every mirror to always serve authentic content. > > And, just to provide another data point, we tried this month to make > the network install iso talk to https dnf repos (a reposync of fedora > devel x86_64, without x86 packages, because we don't have the storage > budget to mirror 32 bit packages we don't have the use for them > anyway). The repos themselves worked fine from installed systems. But, > anaconda refused to use them, till they were re-exposed in plain un- > secured http. Any errors? Bug filed? as long as the certs were valid/normal certs, there should not be any reason that wouldn't work I wouldn't think. kevin
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
