[Gajim-devel] improve debian repo trustworthiness / ftp.gajim.org TLS issues

Arian Sanusi gajim at semioptimal.net
Mon Jan 25 16:13:17 CET 2016

Hi all,

gajim.org main website has adequate TLS support, hence the source tarball is trustworthy/secured against in-transport modification. However, the debian/ubuntu repo and other things hosted at ftp.gajim.org are not:

* https://ftp.gajim.org serves a *.leboulanger.org CACert Cert, directory  listing empty, no debian repo at https://ftp.gajim.org/debian
* ftpes://ftp.gajim.org serves an
* ftp://ftp.gajim.org is unsecured ftp, obviously

I'd encourage you to also serve https://ftp.gajim.org/debian and link the gajim-dev-keyring.deb directly on
https://gajim.org/downloads.php?lang=en#debian Also switch ftp.gajim.org to letsencrypt as you did with the main site.

I tried to post this as enhancement on trac.gajim.org, but got rejected as spam, due to Bayes filter and http in body.

best regards,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.gajim.org/pipermail/gajim-devel/attachments/20160125/c39355da/attachment.sig>

More information about the Gajim-devel mailing list