Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 672830 - distfiles.gentoo.org does not offer SSL
Summary: distfiles.gentoo.org does not offer SSL
Status: RESOLVED CANTFIX
Alias: None
Product: Websites
Classification: Unclassified
Component: Gentoo Website (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Website Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-09 18:48 UTC by Ash
Modified: 2018-12-10 07:09 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ash 2018-12-09 18:48:35 UTC
The SSL certificate for https://distfiles.gentoo.org is broken

"The certificate does not apply to the given host"
Comment 1 Brian Evans Gentoo Infrastructure gentoo-dev 2018-12-09 21:37:49 UTC
distfiles.gentoo.org has never had SSL, because we don't control those hosts, despite the domain name.

It is merely a round-robin DNS name to our many mirror hosts.

The security instead comes from external sources such as manifested repositories for source downloads and GPG signed stage3 downloads.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2018-12-10 07:09:01 UTC
1.
If you don't mind added latency, you can use the distfiles target of bouncer:
https://bouncer.gentoo.org/fetch/distfiles/all/
(append the filename you want afterwards)
It will not downgrade your request to HTTP (requests MAY be upgraded, but not downgraded).

2.
You can see in the mirror data that about half of the mirrors have SSL (28 of 59).
https://www.gentoo.org/downloads/mirrors/
intermediate form:
https://gitweb.gentoo.org/data/api.git/tree/files/mirrors/distfiles.xml

3.
If you see somewhere that explicitly has "https://distfiles.gentoo.org/" written, please report it as a new bug, it should be changed to http:// explicitly.