On 19-10-2022 10:31, Neal Gompa wrote:
On Wed, Oct 19, 2022 at 4:01 AM Vitaly Zaitsev via devel
<devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 19/10/2022 09:48, Peter Robinson wrote:
Sure but as mentioned it's public data, and the modification, and I
covered that in my reply, would be picked up by the other mechanisms.
They can collect a lot of sensitive information: your IP, Fedora
version, packages version, etc. This can help with recon for attackers.
HTTPS does not help with that. It's just a transport protocol.
Security is covered, as probinson already mentioned, by internal
verification.
There isn't actually that many mirrors left do we
really want to reduce the number more for end users for no actual
improvement in security?
It will improve privacy at least.
Not in any meaningful way, and in most cases HTTPS makes mirrors slower too.
If privacy is your concern, which is something the user has to decide,
there's the torproxy plugin for DNF. I think that would protect your
privacy and allow use of plain http - win/win.
Ultimately bandwidth is expensive in a lot of
parts of the world for commercial entities to provide, that's why
there's mirrors.
Fedora COPR has moved to Amazon CDN. Maybe Fedora's main mirror can
switch to a CDN too?
We don't have a "main mirror" for that to work.
So, this has been looked into already? It definitely sounds like it
could help in sparsely served parts of the world at a reasonable cost.
-- Sandro (just throwing in my $0.02)
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
