Marcus Meissner (meissner@suse.de) wrote on Tue, Oct 10, 2017 at 09:19:08AM -03:
With the availability of letsencrypt this can even be done without any additional costs.
There's a higher overhead on the machine, so "no additional costs" is an illusion... Further, there's no security bennefit because clients are able to check for hash mismatches using the distribution keys. There's also no privacy protection because if a man-in-the-middle watches your traffic they'll discover what you pulled from the IPs and sizes of the transfers. That's why we (opensuse.c3sl.ufpr.br) are against https for mirrors. However some recent developments are reducing the https burden, notably TLS in the kernel. It's not yet finished but since not all of the distribuitions will change immediately, we can already offer https for some now. This means we can offer https for opensuse (starting next week) if you officially decide that this is your policy and request it from mirrors. -- To unsubscribe, e-mail: mirror+unsubscribe@opensuse.org To contact the owner, email: mirror+owner@opensuse.org