On Wed, Jul 31, 2019 at 09:05:21PM +0200, Nicolas Mailhot via devel wrote: > Le mercredi 31 juillet 2019 à 12:25 -0500, Jason L Tibbitts III a > écrit : > > > > > > > "KF" == Kevin Fenzi <kevin@xxxxxxxxx> writes: > > > > KF> * If you use metalinks, rpm signatures are just gravy on top, in > > the > > KF> end you are still just trusing SSL CA's. > > > > Only if you trust every mirror to always serve authentic content. > > And, just to provide another data point, we tried this month to make > the network install iso talk to https dnf repos (a reposync of fedora > devel x86_64, without x86 packages, because we don't have the storage > budget to mirror 32 bit packages we don't have the use for them > anyway). The repos themselves worked fine from installed systems. But, > anaconda refused to use them, till they were re-exposed in plain un- > secured http. It's odd that they would work from an installed system and not anaconda. Are you using a self-signed cert on them? If so you can pass inst.noverifyssl to anaconda to tell it to ignore the error but still use https. -- Brian C. Lane (PST8PDT) - weldr.io - lorax - parted _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
