| ShorTie | what happened too https://deb.devuan.org/devuan/pool/main/ ?? | 04:11 |
|---|---|---|
| ShorTie | all i get is Your connection isn't private | 04:12 |
| DPA | ShorTie: It's just the browser. The mirrors won't use https, since they are served by independent volunteers. The repo is still signed, so plain http is fine. | 09:35 |
| DPA | Google Chrome forces https, which seams to be a hsts issue. devuan.org is i chromes hsts list. Can be checked in chrome://net-internals/#hsts, enter "deb.devuan.org" in the "Query HSTS/PKP domain" field. will output: | 09:35 |
| DPA | > static_sts_domain: devuan.org | 09:35 |
| DPA | > static_upgrade_mode: FORCE_HTTPS | 09:35 |
| DPA | > static_sts_include_subdomains: true | 09:35 |
| DPA | I don't know how it got there, devuan.org doesn't seam to set the header, though, so I don't know how it got there. www.devuan.org does, but that should be a different domain... | 09:35 |
| DPA | I absolutely hate HSTS, HPKP and MTA-STS. It's persistent is dangerouse to sites that don't use it and it causes more problems than it solves. | 09:35 |
| ShorTie | NET::ERR_CERT_COMMON_NAME_INVALID | 10:23 |
| ShorTie | Subject: ftp.fau.de | 10:24 |
| ShorTie | Issuer: DFN-Verein Global Issuing CA | 10:24 |
| ShorTie | Expires on: Jun 16, 2021 | 10:24 |
| ShorTie | Current date: Aug 5, 2020 | 10:24 |
| ShorTie | PEM encoded chain: | 10:24 |
| ShorTie | this is edge by the way | 10:25 |
| DPA | ShorTie: The master repo is https://pkgmaster.devuan.org/ | 10:36 |
| DPA | deb.devuan.org is DNS round robin pointing directly to a random mirror from a volunteer, one of: https://pkgmaster.devuan.org/mirror_list.txt | 10:36 |
| DPA | Naturally, those mirrors can't all have a valid SSL cert for the domain deb.devuan.org, or rather, it'd be pointless if those had. | 10:36 |
| DPA | They should be accessed directly http only, using apt, without using https. APT will check the package list signatures, which are domain independent. | 10:36 |
| DPA | If chrome is used to access the site, it will force switch to https, which can't work for deb.devuan.org. That is due to it somehow having gotten a HSTS entry for devuan.org. | 10:36 |
| DPA | This does not pose a security risk. Overall, this is all normal and expected, it works the way it's supposed to. | 10:36 |
| bgstack15 | Devuan meet tomorrow at 20:30 UTC: Pad is https://pad.dyne.org/code/#/2/code/edit/9GyvuG8oXWyKN4sbOjX0unej/ | 13:00 |
| ShorTie | i don't see any build stuff there | 13:49 |
| ShorTie | sorry, found it | 13:51 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!