libera/#devuan-dev/ Wednesday, 2020-08-05

ShorTie what happened too  ?? 04:11
ShorTie all i get is  Your connection isn't private 04:12
DPA ShorTie: It's just the browser. The mirrors won't use https, since they are served by independent volunteers. The repo is still signed, so plain http is fine. 09:35
DPA Google Chrome forces https, which seems to be a hsts issue. is in Chrome's hsts list. Can be checked in chrome://net-internals/#hsts, enter "" in the "Query HSTS/PKP domain" field. will output: 09:35
DPA > static_sts_domain: devuan.org 09:35
DPA > static_upgrade_mode: FORCE_HTTPS 09:35
DPA > static_sts_include_subdomains: true 09:35
DPA I don't know how it got there, doesn't seem to set the header, though, so I don't know how it got there. does, but that should be a different domain... 09:35
DPA I absolutely hate HSTS, HPKP and MTA-STS. It's persistent, is dangerous to sites that don't use it and it causes more problems than it solves. 09:35
ShorTie Subject: ftp.fau.de 10:24
ShorTie Issuer: DFN-Verein Global Issuing CA 10:24
ShorTie Expires on: Jun 16, 2021 10:24
ShorTie Current date: Aug 5, 2020 10:24
ShorTie PEM encoded chain: 10:24
ShorTie this is edge by the way 10:25
DPA ShorTie: The master repo is DNS round robin pointing directly to a random mirror from a volunteer, one of:
DPA Naturally, those mirrors can't all have a valid SSL cert for the domain, or rather, it'd be pointless if those had. 10:36
DPA They should be accessed directly http only, using apt, without using https. APT will check the package list signatures, which are domain independent. 10:36
DPA If chrome is used to access the site, it will force switch to https, which can't work for That is due to it somehow having gotten a HSTS entry for
DPA This does not pose a security risk. Overall, this is all normal and expected, it works the way it's supposed to. 10:36
bgstack15 Devuan meet tomorrow at 20:30 UTC: Pad is
ShorTie i don't see any build stuff there 13:49
ShorTie sorry, found it 13:51

