New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a way to specify you want only https urls from metalink #100

Closed
nirik opened this Issue Jun 22, 2015 · 5 comments

Comments

Projects
None yet
4 participants
@nirik
Member

nirik commented Jun 22, 2015

Some folks want all their traffic to use ssl, we should offer a option to the metalink url that makes it return just https using mirrors. Something like ?method=https or the like in the url.

Along with this we might consider mailing mirror admins and asking if they would update to https where they have https available.

Once enough mirrors offered https we could make it the default perhaps.

@adrianreber

This comment has been minimized.

Show comment
Hide comment
@adrianreber

adrianreber Jun 24, 2016

Member

This is now running on the Fedora production systems.

Member

adrianreber commented Jun 24, 2016

This is now running on the Fedora production systems.

@mdomsch

This comment has been minimized.

Show comment
Hide comment
@mdomsch

mdomsch Jun 24, 2016

Member

Glad to see this, but the whole point of metalinks is to let the clients
decide what they want to use - give them all the possible URLs and then
they choose what they want. This properly belongs in a dnf configuration,
not MM2. As it stands, the user now has to change the dnf configuration
anyhow, to add the specifier on the metalink URL.

On Jun 22, 2015 1:33 PM, "Kevin Fenzi" notifications@github.com wrote:

Some folks want all their traffic to use ssl, we should offer a option to
the metalink url that makes it return just https using mirrors. Something
like ?method=https or the like in the url.

Along with this we might consider mailing mirror admins and asking if they
would update to https where they have https available.

Once enough mirrors offered https we could make it the default perhaps.


Reply to this email directly or view it on GitHub
#100.

Member

mdomsch commented Jun 24, 2016

Glad to see this, but the whole point of metalinks is to let the clients
decide what they want to use - give them all the possible URLs and then
they choose what they want. This properly belongs in a dnf configuration,
not MM2. As it stands, the user now has to change the dnf configuration
anyhow, to add the specifier on the metalink URL.

On Jun 22, 2015 1:33 PM, "Kevin Fenzi" notifications@github.com wrote:

Some folks want all their traffic to use ssl, we should offer a option to
the metalink url that makes it return just https using mirrors. Something
like ?method=https or the like in the url.

Along with this we might consider mailing mirror admins and asking if they
would update to https where they have https available.

Once enough mirrors offered https we could make it the default perhaps.


Reply to this email directly or view it on GitHub
#100.

@adrianreber

This comment has been minimized.

Show comment
Hide comment
@adrianreber

adrianreber Jun 24, 2016

Member

Yes, I agree with @mdomsch. The official way to make metalink clients use HTTPS must be different. This needs some additional work on other parts (could be dnf). At least there is now a way for people who want to use it and we also know that it works and it is a starting point. It was also a good way to get more HTTPS URLs in the database. But, yes, now that more HTTPS URLs are in the database an option to make dnf prefer HTTPS URLs if available in the metalink sounds like a good idea.

Member

adrianreber commented Jun 24, 2016

Yes, I agree with @mdomsch. The official way to make metalink clients use HTTPS must be different. This needs some additional work on other parts (could be dnf). At least there is now a way for people who want to use it and we also know that it works and it is a starting point. It was also a good way to get more HTTPS URLs in the database. But, yes, now that more HTTPS URLs are in the database an option to make dnf prefer HTTPS URLs if available in the metalink sounds like a good idea.

@nirik

This comment has been minimized.

Show comment
Hide comment
@nirik

nirik Jun 24, 2016

Member

Sure, that makes some sense... I can ask dnf / librepo maintainers about options there.

Member

nirik commented Jun 24, 2016

Sure, that makes some sense... I can ask dnf / librepo maintainers about options there.

@nirik

This comment has been minimized.

Show comment
Hide comment
@nirik

nirik Jun 24, 2016

Member

And there is already https://bugzilla.redhat.com/show_bug.cgi?id=1229050 (dnf should provide a protocol option) and https://bugzilla.redhat.com/show_bug.cgi?id=1273051 (librepo should provide a supported protocol list).

Member

nirik commented Jun 24, 2016

And there is already https://bugzilla.redhat.com/show_bug.cgi?id=1229050 (dnf should provide a protocol option) and https://bugzilla.redhat.com/show_bug.cgi?id=1273051 (librepo should provide a supported protocol list).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment