Mailinglist Archive: opensuse-factory (498 mails)

< Previous Next >
Re: [opensuse-factory] Is osc downloading RPM packages via HTTP?
  • From: Marcus Hüwe <suse-tux@xxxxxx>
  • Date: Thu, 19 May 2016 17:18:25 +0200
  • Message-id: <20160519151825.GA1632@linux>
On 2016-05-19 17:05:21 +0200, Mischa Salle wrote:
On Thu, May 19, 2016 at 03:08:59PM +0200, Marcus Hüwe wrote:
1. Should osc really be downloading package over http instead of

It shouldn' I don't know if it is possible in practice to ask
all mirror operators provide SSL enabled servers with valid

Well... for an rpm package http is not too bad, because we verify the
signature of the downloaded package (the pubkey is retrieved via https
(at least usually)).

Are they? The repository keys are typically downloaded from something
a URL at and as far as I know and there isn't a
https possible there. Is there another URL available?

osc fetches them directly from the api. For instance, the pubkey for the
openSUSE:Tools project can be retrieved via

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups