[Gajim-devel] improve debian repo trustworthiness / ftp.gajim.org TLS issues
Arian Sanusi
gajim at semioptimal.net
Mon Jan 25 16:13:17 CET 2016
Hi all,
gajim.org main website has adequate TLS support, hence the source tarball is trustworthy/secured against in-transport modification. However, the debian/ubuntu repo and other things hosted at ftp.gajim.org are not:
* https://ftp.gajim.org serves a *.leboulanger.org CACert Cert, directory listing empty, no debian repo at https://ftp.gajim.org/debian
* ftpes://ftp.gajim.org serves an
* ftp://ftp.gajim.org is unsecured ftp, obviously
I'd encourage you to also serve https://ftp.gajim.org/debian and link the gajim-dev-keyring.deb directly on
https://gajim.org/downloads.php?lang=en#debian Also switch ftp.gajim.org to letsencrypt as you did with the main site.
I tried to post this as enhancement on trac.gajim.org, but got rejected as spam, due to Bayes filter and http in body.
best regards,
Arian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.gajim.org/pipermail/gajim-devel/attachments/20160125/c39355da/attachment.sig>
More information about the Gajim-devel
mailing list