Return-Path: X-Original-To: distix@pieni.net Delivered-To: distix@pieni.net Received: from bagpuss.pepperfish.net (bagpuss.pepperfish.net [148.251.8.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pieni.net (Postfix) with ESMTPS id DB625236F0 for ; Thu, 23 Mar 2017 10:47:09 +0100 (CET) Received: from platypus.pepperfish.net (unknown [10.112.100.20]) by bagpuss.pepperfish.net (Postfix) with ESMTP id 305A4B1D; Thu, 23 Mar 2017 09:47:08 +0000 (GMT) Received: from ip6-localhost ([::1] helo=platypus.pepperfish.net) by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian)) id 1cqzKk-0006q9-FS; Thu, 23 Mar 2017 09:47:07 +0000 Received: from inmail0 ([10.112.100.10] helo=mx0.pepperfish.net) by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian)) id 1cqzKe-0006oY-KS for ; Thu, 23 Mar 2017 09:47:00 +0000 Received: from o169.p8.mailjet.com ([87.253.233.169]) by mx0.pepperfish.net with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1cqzKK-00063I-2R for obnam-dev@obnam.org; Thu, 23 Mar 2017 09:47:00 +0000 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; q=dns/txt; d=bnc3.mailjet.com; i=arunisaac=3Dsystemreboot.net@bnc3.mailjet.com; s=mailjet; h=message-id:mime-version:from:to:subject:date:list-unsubscribe:cc:in-reply-to: references:x-csa-complaints:x-mj-mid:content-type:content-transfer-encoding; bh=BEL2f08Nf1agZsVqIAlUmEFwNc8=; b=Vom5w1PjF1i9FXFyIgk2M2yNmM9IL2rU79YzytDlOawhJ0sWp6ekHvyyK YG+tgJASUfaK/dlVxCgaH+xiv/l1SumKMKnC6HFn2zQRVyitEhihIbO8qTIP dCQjHJmQF0PwlZBDkiwaBpt+DNuxDlep5t75cGgTlV28/JmkDAvkaQ= Message-Id: MIME-Version: 1.0 From: Arun Isaac To: Lars Wirzenius Date: Thu, 23 Mar 2017 14:38:47 +0530 In-reply-to: <20170321163237.pwuwkmhglhpwbptw@liw.fi> References: <20170321163237.pwuwkmhglhpwbptw@liw.fi> X-CSA-Complaints: whitelist-complaints@eco.de X-MJ-Mid: AEMAIZKNz2QAAAAAAAAAAAOvGEsAAAACwQwAAAAAAAW9WABY05CrHTRT5sm0RtGl_LolNV4ooAAFgUc Content-Type: text/plain Content-Transfer-Encoding: quoted-printable X-Pepperfish-Transaction: ff4b-da71-318d-5a60 X-Spam-Score: -2.9 X-Spam-Score-int: -28 X-Spam-Bar: -- X-Scanned-By: pepperfish.net, Thu, 23 Mar 2017 09:47:00 +0000 X-Spam-Report: Content analysis details: (-2.9 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [87.253.233.169 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -1.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-ACL-Warn: message may be spam X-Scan-Signature: 2e65f5179848bd99ed9586f9b1c7ce7e Cc: obnam-dev@obnam.org Subject: Re: HTTPS for cgit instance on which obnam is hosted X-BeenThere: obnam-dev@obnam.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Obnam development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: obnam-dev-bounces@obnam.org Errors-To: obnam-dev-bounces@obnam.org > Some day. Sorry I can't promise anything more concrete than that. No real hurry as such. Take your time. > In that case what you want is to verify the data that is downloaded. > HTTPS does nothing to guarantee that the file you download is the one > I uploaed. At the moment that means following the signature chain in > the APT repository down to the individual tarball. I was also concerned about general privacy on the web, preventing javascript injection by the ISP (my ISP does this often), etc. > One day I will make my CI produced detached signatures for the > tarballs. Yes, that would be nice as well. = _______________________________________________ obnam-dev mailing list obnam-dev@obnam.org http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org