Tails

#1 Updated by sajolida 2016-02-13 12:09:16

• blocked by Feature #11120: Check if all the servers behind archive.torproject.org serve our files added

#2 Updated by intrigeri 2016-02-13 12:51:29

• Subject changed from Ask archive.torproject.org if they are find with been the only mirror for release candidates to Ask archive.torproject.org if they are fine with being the only mirror for release candidates

#3 Updated by intrigeri 2016-02-13 12:55:07

• Subject changed from Ask archive.torproject.org if they are fine with being the only mirror for release candidates to Ask archive.torproject.org administrators if they are fine with being the only mirror for release candidates

#5 Updated by sajolida 2016-02-14 12:42:43

• Status changed from Confirmed to In Progress
• Type of work changed from Communicate to Wait

Done.

#6 Updated by sajolida 2016-02-21 18:48:28

• Status changed from In Progress to Resolved
• Assignee deleted (sajolida)

The answer is that they don’t want to serve many downloads on archive.torproject.org but they would be ok with serving them elsewhere. While investigating this, and keeping in mind that the objective here is to provide HTTPS-secure downloads, we realized that the rsync that we are doing to push the images are not secured. We should work on this, that’s Bug #11152. weasel wasn’t strict about blocking this ticket by Bug #11152 but still, this added to the fact that they would have to install something new for this usecase made me think that it’s super cool if they do it but that we shouldn’t go after them if they don’t.

So for me this is done. Worse case we don’t have HTTPS downloads for release candidates and only provide OpenPGP verification which is status quo.