SSL downloading of resources from tarballs

Bug #1325373 reported by Khai Do on 2014-06-01
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Core Infrastructure
Triaged
Medium
Unassigned

Bug Description

built artifacts from openstack ci infrastructor are uploaded to http://tarballs.openstack.org and then downloaded for consumption. It's currently only supports http, it would be more secure if it also supports a https connection.

Jeremy Stanley (fungi) wrote :

I agree this is something we should eventually do, however the tarballs site is not intended as a primary distribution endpoint (we separately publish Python clients and libraries to PyPI and servers to Launchpad).

Also, the fact that there is no encryption when connecting to http://tarballs.openstack.org/ is relatively obvious, so I think we should switch this bug report from private to public. There's no actual benefit to keeping it secret.

Changed in openstack-ci:
status: New → Triaged
importance: Undecided → Medium
milestone: none → juno
Jeremy Stanley (fungi) wrote :

Switched from private security to public after conferring with Khai in IRC.

information type: Private Security → Public
Jeremy Stanley (fungi) on 2014-10-27
Changed in openstack-ci:
milestone: juno → kilo
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers