Bug#893980: www.debian.org: Many mirrors have no or untrusted HTTPS certificates

2018-03-24 Thread Martin Monperrus
Package: www.debian.org
Severity: normal

Dear Maintainer,

Switching my APT config to HTTPS, I notice that many mirrors either do not
support HTTPS or have untrusted HTTPS certificates
(e.g. https://mirror-csail.debian.org/)

It would be great to update the reference page
https://www.debian.org/mirror/list to clearly show all mirrors supporting HTTPS
with a valid certificate.



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



2018-03-24 Thread Paul Wise
On Sun, Mar 25, 2018 at 5:37 AM, Martin Monperrus wrote:

> Switching my APT config to HTTPS, I notice that many mirrors either do not
> support HTTPS or have untrusted HTTPS certificates

This isn't something the Debian website team can fix, please contact
the admin for each mirror individually.

> (eg https://mirror-csail.debian.org/)

That hostname is not a public Debian mirror and doesn't support https,
what gave you the impression it was?

> It would be great to update the reference page
> https://www.debian.org/mirror/list to clearly show all mirrors supporting
> HTTPS with a valid certificate.

The primary mirrors ftp.*.debian.org cannot support https because the
mirror team have to be able to repoint the domains at different
mirrors when one goes down.

The Debian mirror team don't keep track of https support for the
secondary mirrors so the website team cannot add information about
that to the website.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise