[LAD] https for linuxaudio.org

[Jeremy Jongepier]

Hello David,

> I'm currently taking over a bunch of packages for Arch Linux (mainly
> pro-audio stuff).
> Would it be possible to implement letsencrypt for linuxaudio.org and all
> of its subdomains?

It's possible for linuxaudio.org but not for all the subdomains. the
linuxaudio.org server is a shared server that hosts projects of a
variety of organizations and people. root at linuxaudio.org can't enforce
the usage of SSL for all users, it's a decision the users have to take.

> This would greatly improve the security of the packages hosted there (or
> rather their transfer from the server to the build machine) and help for
> said packages not to be dropped, as more and more distros try to switch
> to more reliable and authenticatable (is that a word?) upstreams.
> Additionally, there is the benefit of raising privacy for users of all
> things hosted on linuxaudio.org.
> 
> An example are all sources hosted here (all of which are packages in
> Arch's main repos):
> http://kokkinizita.linuxaudio.org/linuxaudio/downloads/index.htm
That happens to be a subdomain root at linuxaudio.org does not maintain,
you will have to ask the owner of that subdomain if implementing HTTPS
is an option. If the owner is OK with that root at linuxaudio.org can
implement it.

Jeremy
root at linuxaudio.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxaudio.org/pipermail/linux-audio-dev/attachments/20171121/d627476f/attachment.pgp>