21 Nov
2017
21 Nov
'17
10:49 a.m.
Hello David,
I'm currently taking over a bunch of packages for
Arch Linux (mainly
pro-audio stuff).
Would it be possible to implement letsencrypt for linuxaudio.org and all
of its subdomains?
It's possible for linuxaudio.org but not for all the subdomains. the
linuxaudio.org server is a shared server that hosts projects of a
variety of organizations and people. root(a)linuxaudio.org can't enforce
the usage of SSL for all users, it's a decision the users have to take.
This would greatly improve the security of the
packages hosted there (or
rather their transfer from the server to the build machine) and help for
said packages not to be dropped, as more and more distros try to switch
to more reliable and authenticatable (is that a word?) upstreams.
Additionally, there is the benefit of raising privacy for users of all
things hosted on linuxaudio.org.
An example are all sources hosted here (all of which are packages in
Arch's main repos):
http://kokkinizita.linuxaudio.org/linuxaudio/downloads/index.htm
That happens to be
a subdomain root(a)linuxaudio.org does not maintain,
you will have to ask the owner of that subdomain if implementing HTTPS
is an option. If the owner is OK with that root(a)linuxaudio.org can
implement it.
Jeremy
root(a)linuxaudio.org