From kivagant at gmail.com Tue Apr 16 01:46:38 2019 From: kivagant at gmail.com (Eugene Glotov) Date: Tue, 16 Apr 2019 11:46:38 +0300 Subject: [GF-Users] Any chance to have https for mirror.ghettoforge.org? In-Reply-To: <642931d1-32ec-45a5-9192-b6a1886fca06@Spark> References: <642931d1-32ec-45a5-9192-b6a1886fca06@Spark> Message-ID: Hello. I'm not sure if this is a right mail list to ask the question. Sorry if it isn't, just ignore then. I found a useful package located on?http://mirror.ghettoforge.org. But `http` is confusing me. Is there any plans to add https to the mirror? Regards, Eugene Glotov. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ghettoforge.org/pipermail/users/attachments/20190416/f51ba3e7/attachment.html From peter at pajamian.dhs.org Wed Apr 17 19:42:05 2019 From: peter at pajamian.dhs.org (Peter) Date: Thu, 18 Apr 2019 14:42:05 +1200 Subject: [GF-Users] Any chance to have https for mirror.ghettoforge.org? In-Reply-To: References: <642931d1-32ec-45a5-9192-b6a1886fca06@Spark> Message-ID: <71aecce5-9129-1bb1-a77b-f6a87702c3ce@pajamian.dhs.org> On 16/04/19 8:46 PM, Eugene Glotov wrote: > I found a useful package located on http://mirror.ghettoforge.org > . But `http` is confusing me. Is there > any plans to add https to the mirror? No. The packages are not exactly private data, so there is no reason to encrypt the content and the packages themselves are signed so there is no reason for the connection to be secure. Keep in mind that while this mirror is run by GhettoForge, it is not uncommon for projects to use multiple mirrors run by different entites and as such the only way to actually trust the content on the mirrors is if the packages themselves are signed. It's up the the mirror providers themselves if they wish to offer https or not, but doing so does not make the packages themselves any more secure. Peter