Jessica Clarke dixit:
>benefit (primarily that a malicious actor can’t withhold updates;
>Valid-Until is on a much longer timescale than TLS). Most of the other
I don’t get that part. But I only know about the backend issue
because Valid-Until will shrink to 3? 7? days for -security soon
(see IRC
Control: retitle -1 pbuilder: does not autodetect https mirrors
On 17 Nov 2021, at 22:44, Thorsten Glaser wrote:
>
> ydir...@free.fr dixit:
>
>> Nowadays only HTTPS entries are in sources.list (maybe that could
>
> What? No!
It’s not the default in debootstrap or choose-mirror, but it can be
ydir...@free.fr dixit:
>Nowadays only HTTPS entries are in sources.list (maybe that could
What? No!
Besides, the CDN uses HTTP to the backend servers internally, so
you SHOULD NOT use https with deb.debian.org or the older httpredir
to avoid a false sense of security.
bye,
//mirabilos
--
21:12
Package: pbuilder
Version: 0.231
Nowadays only HTTPS entries are in sources.list (maybe that could
unblock a fix for #790565 ?), the debconf script seems to fail to
detect a mirror as described in that bugreport... and we are shown:
Here is a valid mirror example: http://deb.debian.org/debian
4 matches
Mail list logo
