On Wed, 2019-07-31 at 13:34 -0700, Kevin Fenzi wrote: > On 7/31/19 12:05 PM, Nicolas Mailhot via devel wrote: > > Le mercredi 31 juillet 2019 à 12:25 -0500, Jason L Tibbitts III a > > écrit : > > > > > > > > "KF" == Kevin Fenzi <kevin@xxxxxxxxx> writes: > > > > > > KF> * If you use metalinks, rpm signatures are just gravy on top, in > > > the > > > KF> end you are still just trusing SSL CA's. > > > > > > Only if you trust every mirror to always serve authentic content. > > > > And, just to provide another data point, we tried this month to make > > the network install iso talk to https dnf repos (a reposync of fedora > > devel x86_64, without x86 packages, because we don't have the storage > > budget to mirror 32 bit packages we don't have the use for them > > anyway). The repos themselves worked fine from installed systems. But, > > anaconda refused to use them, till they were re-exposed in plain un- > > secured http. > > Any errors? Bug filed? as long as the certs were valid/normal certs, > there should not be any reason that wouldn't work I wouldn't think. Indeed - this sounds like it could potentially be a serious regression, which should be investigated and fixed. > > kevin > > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
