Re: Rolling out Phase I of rawhide package gating

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/31/19 4:34 PM, Kevin Fenzi wrote:
On 7/31/19 12:05 PM, Nicolas Mailhot via devel wrote:
And, just to provide another data point, we tried this month to make
the network install iso talk to https dnf repos (a reposync of fedora
devel x86_64, without x86 packages, because we don't have the storage
budget to mirror 32 bit packages we don't have the use for them
anyway). The repos themselves worked fine from installed systems. But,
anaconda refused to use them, till they were re-exposed in plain un-
secured http.
Any errors? Bug filed? as long as the certs were valid/normal certs,
there should not be any reason that wouldn't work I wouldn't think.

My guess would be a protocol version or cipher suite negotiation failure, presumably because the HTTPS end points use newer configurations that exclude old versions and ciphers. Hopefully Nicholas will find the real reason.


BTW, the new crypto systems like wireguard are eschewing crypto negotiation: if the current protocols are determined  to be lacking, the plan is to push a new version and force everyone to upgrade.

It's pretty harsh from the operational point of view, but they have a point: if the crypto is vulnerable, it should not be possible to force a downgrade on connections you care about, and you can still run the old protocol specifically for endpoints which you cannot upgrade.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux