SSL downloading of resources from tarballs

Bug #1325373 reported by Khai Do on 2014-06-01
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Core Infrastructure

Bug Description

built artifacts from openstack ci infrastructor are uploaded to and then downloaded for consumption. It's currently only supports http, it would be more secure if it also supports a https connection.

Jeremy Stanley (fungi) wrote :

I agree this is something we should eventually do, however the tarballs site is not intended as a primary distribution endpoint (we separately publish Python clients and libraries to PyPI and servers to Launchpad).

Also, the fact that there is no encryption when connecting to is relatively obvious, so I think we should switch this bug report from private to public. There's no actual benefit to keeping it secret.

Changed in openstack-ci:
status: New → Triaged
importance: Undecided → Medium
milestone: none → juno
Jeremy Stanley (fungi) wrote :

Switched from private security to public after conferring with Khai in IRC.

information type: Private Security → Public
Jeremy Stanley (fungi) on 2014-10-27
Changed in openstack-ci:
milestone: juno → kilo
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers