Hello, On 08/11/2016 04:58 PM, Bruno Friedmann wrote:
even if download.o.o was serving https download.o.o is a redirector so you will get the key from one mirror which certainly not offer all https.
Some items are excluded from redirection, and that includes keys.
What to do ? Grab list of mirrors, and ask kindly to their hostmaster to install and support https Once all are done, things can be easily improved no ?
HTTPS (signed by *any* CA) is a downgrade in security compared to signed
metadata and packages.
Andreas
--
Andreas Stieger