1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
Return-Path: <obnam-dev-bounces@obnam.org>
X-Original-To: distix@pieni.net
Delivered-To: distix@pieni.net
Received: from bagpuss.pepperfish.net (bagpuss.pepperfish.net [148.251.8.16])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by pieni.net (Postfix) with ESMTPS id DB625236F0
for <distix@pieni.net>; Thu, 23 Mar 2017 10:47:09 +0100 (CET)
Received: from platypus.pepperfish.net (unknown [10.112.100.20])
by bagpuss.pepperfish.net (Postfix) with ESMTP id 305A4B1D;
Thu, 23 Mar 2017 09:47:08 +0000 (GMT)
Received: from ip6-localhost ([::1] helo=platypus.pepperfish.net)
by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
id 1cqzKk-0006q9-FS; Thu, 23 Mar 2017 09:47:07 +0000
Received: from inmail0 ([10.112.100.10] helo=mx0.pepperfish.net)
by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
id 1cqzKe-0006oY-KS
for <obnam-dev@obnam.org>; Thu, 23 Mar 2017 09:47:00 +0000
Received: from o169.p8.mailjet.com ([87.253.233.169])
by mx0.pepperfish.net with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
(Exim 4.80) (envelope-from
<eb6461b4.AEMAIZKNz2QAAAAAAAAAAAOvGEsAAAACwQwAAAAAAAW9WABY05Cr@bnc3.mailjet.com>)
id 1cqzKK-00063I-2R
for obnam-dev@obnam.org; Thu, 23 Mar 2017 09:47:00 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; q=dns/txt;
d=bnc3.mailjet.com; i=arunisaac=3Dsystemreboot.net@bnc3.mailjet.com; s=mailjet;
h=message-id:mime-version:from:to:subject:date:list-unsubscribe:cc:in-reply-to:
references:x-csa-complaints:x-mj-mid:content-type:content-transfer-encoding;
bh=BEL2f08Nf1agZsVqIAlUmEFwNc8=;
b=Vom5w1PjF1i9FXFyIgk2M2yNmM9IL2rU79YzytDlOawhJ0sWp6ekHvyyK
YG+tgJASUfaK/dlVxCgaH+xiv/l1SumKMKnC6HFn2zQRVyitEhihIbO8qTIP
dCQjHJmQF0PwlZBDkiwaBpt+DNuxDlep5t75cGgTlV28/JmkDAvkaQ=
Message-Id: <eb6461b4.AEMAIZKNz2QAAAAAAAAAAAOvGEsAAAACwQwAAAAAAAW9WABY05Cr@mailjet.com>
MIME-Version: 1.0
From: Arun Isaac <arunisaac@systemreboot.net>
To: Lars Wirzenius <liw@liw.fi>
Date: Thu, 23 Mar 2017 14:38:47 +0530
In-reply-to: <20170321163237.pwuwkmhglhpwbptw@liw.fi>
References: <cu7h9343mxv.fsf@systemreboot.net>
<CAMto89AzF1Q0u5qNutPmwW6FPovPHKj7qYauvEvVoro8X3Bbzg@mail.gmail.com>
<cu7fuio2wll.fsf@systemreboot.net> <20170321163237.pwuwkmhglhpwbptw@liw.fi>
X-CSA-Complaints: whitelist-complaints@eco.de
X-MJ-Mid: AEMAIZKNz2QAAAAAAAAAAAOvGEsAAAACwQwAAAAAAAW9WABY05CrHTRT5sm0RtGl_LolNV4ooAAFgUc
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
X-Pepperfish-Transaction: ff4b-da71-318d-5a60
X-Spam-Score: -2.9
X-Spam-Score-int: -28
X-Spam-Bar: --
X-Scanned-By: pepperfish.net, Thu, 23 Mar 2017 09:47:00 +0000
X-Spam-Report: Content analysis details: (-2.9 points)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust [87.253.233.169 listed in list.dnswl.org]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
-1.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-ACL-Warn: message may be spam
X-Scan-Signature: 2e65f5179848bd99ed9586f9b1c7ce7e
Cc: obnam-dev@obnam.org
Subject: Re: HTTPS for cgit instance on which obnam is hosted
X-BeenThere: obnam-dev@obnam.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Obnam development discussions <obnam-dev-obnam.org>
List-Unsubscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
<mailto:obnam-dev-request@obnam.org?subject=unsubscribe>
List-Archive: <http://listmaster.pepperfish.net/pipermail/obnam-dev-obnam.org>
List-Post: <mailto:obnam-dev@obnam.org>
List-Help: <mailto:obnam-dev-request@obnam.org?subject=help>
List-Subscribe: <http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org>,
<mailto:obnam-dev-request@obnam.org?subject=subscribe>
Sender: obnam-dev-bounces@obnam.org
Errors-To: obnam-dev-bounces@obnam.org
> Some day. Sorry I can't promise anything more concrete than that.
No real hurry as such. Take your time.
> In that case what you want is to verify the data that is downloaded.
> HTTPS does nothing to guarantee that the file you download is the one
> I uploaed. At the moment that means following the signature chain in
> the APT repository down to the individual tarball.
I was also concerned about general privacy on the web, preventing
javascript injection by the ISP (my ISP does this often), etc.
> One day I will make my CI produced detached signatures for the
> tarballs.
Yes, that would be nice as well.
=
_______________________________________________
obnam-dev mailing list
obnam-dev@obnam.org
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-dev-obnam.org
|
