[Gajim-devel] improve debian repo trustworthiness / ftp.gajim.org TLS issues
Yann Leboulanger
asterix at lagaule.org
Mon Jan 25 22:11:20 CET 2016
On 01/25/2016 04:13 PM, Arian Sanusi wrote:
> Hi all,
>
> gajim.org main website has adequate TLS support, hence the source tarball is trustworthy/secured against in-transport modification. However, the debian/ubuntu repo and other things hosted at ftp.gajim.org are not:
>
> * https://ftp.gajim.org serves a *.leboulanger.org CACert Cert, directory listing empty, no debian repo at https://ftp.gajim.org/debian
> * ftpes://ftp.gajim.org serves an
> * ftp://ftp.gajim.org is unsecured ftp, obviously
>
> I'd encourage you to also serve https://ftp.gajim.org/debian and link the gajim-dev-keyring.deb directly on
> https://gajim.org/downloads.php?lang=en#debian Also switch ftp.gajim.org to letsencrypt as you did with the main site.
>
> I tried to post this as enhancement on trac.gajim.org, but got rejected as spam, due to Bayes filter and http in body.
>
Hi,
All is now done.
--
Yann
More information about the Gajim-devel
mailing list