On Tue, 2020-09-15 at 09:57 -0700, Kevin Fenzi wrote: > On Tue, Sep 15, 2020 at 04:05:09PM +0200, Kamil Paral wrote: > > I'd like to clarify some of our criteria which only refer to HTTP and don't > > mention HTTPS. In particular: > > > > "When using a release-blocking dedicated installer image, the installer > > must be able to use either HTTP or FTP repositories (or both) as package > > sources. Release-blocking network install images must default to a valid > > publicly-accessible package source." > > https://fedoraproject.org/wiki/Basic_Release_Criteria#Remote_package_sources > > > > "The installer must be able to download and use an installer update image > > from an HTTP server." > > https://fedoraproject.org/wiki/Basic_Release_Criteria#Update_image > > > > "When using the dedicated installer images, the installer must be able to > > use HTTP, FTP and NFS repositories as package sources." > > https://fedoraproject.org/wiki/Fedora_33_Beta_Release_Criteria#Remote_package_sources > > > > I propose to change "HTTP" to "HTTP(S)" in all these cases (including > > footnotes, where applicable). > > So, from an infrastructure perspective... we do have http mirrors still. > If you are using a metalink there's not any security problem using http, > although there is a privacy one (anyone sniffing the traffic can see > what you are downloading). > > We no longer have/support ftp mirrors in mirrormanager, we dropped them > a while back. > > I don't know if this case uses a metalink? Does it? > > If we want to keep supporting FTP, we may have to test it locally as > mirrormanager doesn't support it anymore. The criterion as written refers to "repositories", which really is talking about direct repo URLs, not mirrorlists *or* metalinks. openQA tests direct HTTPS repository, direct NFS repository, and HTTPS mirrorlist; it doesn't test metalink (which is why it didn't catch the bug Kamil filed), IIRC because metalink can be flaky if it gets the repo data from a slow server or something. It doesn't test FTP either. I think we could possibly do any or all of the following: 1) As Kamil proposes, change HTTP to HTTP(S) 2) Drop FTP (I don't think we really need to support it any more) 3) Specifically cover metalink and mirrorlist sources -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx
