Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 563726 - profiles/thirdpartymirrors - openssl mirror group 4/16 mirrors bad
Summary: profiles/thirdpartymirrors - openssl mirror group 4/16 mirrors bad
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Eclasses (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-21 21:15 UTC by Ben Kohler
Modified: 2015-10-27 04:16 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ben Kohler gentoo-dev 2015-10-21 21:15:31 UTC 
Hello,

I've used a script to check the usability of the openssl mirror group and 4 of 16 servers seem to be bad.  These bad servers could simply be removed from the list, but I'm not sure there is any value to continuing to maintain this list.

It's only used by openssl, and there is no mirror restriction so almost all fetches will hit gentoo servers anyway.  Not much is gained by distributing these other fetches across a bunch of upstream mirrors.

I would suggest either reducing the mirror group to a single entry, or replacing mirror://openssl/ with ftp://ftp.openssl.org/ in the openssl ebuilds.

Thanks!

Testing "openssl" mirror group...
good: ftp://ftp.openssl.org
good: ftp://mirror.switch.ch/mirror/openssl/
good: http://mirror.switch.ch/ftp/mirror/openssl/
good: ftp://ftp.pca.dfn.de/pub/tools/net/openssl/
good: ftp://sunsite.uio.no/pub/security/openssl/
good: ftp://ftp.sunet.se/pub/security/tools/net/openssl/
good: ftp://gd.tuwien.ac.at/infosys/security/openssl/
bad:  ftp://ftp.kfki.hu/pub/packages/security/openssl/
good: ftp://guest.kuria.katowice.pl/pub/openssl/
good: ftp://ftp.fi.muni.cz/pub/openssl/
bad:  ftp://ftp.linux.hr/pub/openssl/
good: http://openssl.parentinginformed.com/
bad:  http://openssl.initrd.net/
bad:  ftp://ftp.tpnet.pl/pub/security/openssl/
good: http://openssl.skazkaforyou.com/
good: http://openssl.raffsoftware.com/
Comment 1 SpanKY gentoo-dev 2015-10-27 04:16:52 UTC 
ftp.kfki.hu works fine for me

ftp.linux.hr looks broken:
$ ftp -z nossl ftp.linux.hr
Connected to ftp.linux.hr.
220 Welcome to the ftp.linux.hr FTP service.
Name (ftp.linux.hr:vapier): anonymous
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/bla/ftp.linux.hr
Login failed.

openssl.initrd.net looks broken:
$ wget -nv http://openssl.initrd.net/
<timeout>
$ wget -nv https://openssl.initrd.net/
ERROR: no certificate subject alternative name matches
        requested host name ‘openssl.initrd.net’.
To connect to openssl.initrd.net insecurely, use `--no-check-certificate'.

ftp.tpnet.pl has an updated path

http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27aab77b98b521ac7aa52256c1b04b53856c3003