OpenStack Core Infrastructure

SSL downloading of resources from tarballs

Bug #1325373 reported by Khai Do on 2014-06-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Core Infrastructure	Triaged	Medium	Unassigned	OpenStack Core Infrastructure kilo

Bug Description

built artifacts from openstack ci infrastructor are uploaded to http://tarballs.openstack.org and then downloaded for consumption. It's currently only supports http, it would be more secure if it also supports a https connection.

Revision history for this message

Jeremy Stanley (fungi) wrote on 2014-06-01:

I agree this is something we should eventually do, however the tarballs site is not intended as a primary distribution endpoint (we separately publish Python clients and libraries to PyPI and servers to Launchpad).

Also, the fact that there is no encryption when connecting to http://tarballs.openstack.org/ is relatively obvious, so I think we should switch this bug report from private to public. There's no actual benefit to keeping it secret.

Changed in openstack-ci:
status:	New → Triaged
importance:	Undecided → Medium
milestone:	none → juno

Revision history for this message

Jeremy Stanley (fungi) wrote on 2014-06-04:

Switched from private security to public after conferring with Khai in IRC.

information type:

Private Security → Public

Jeremy Stanley (fungi) on 2014-10-27

Changed in openstack-ci:
milestone:	juno → kilo

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.