SSL downloading of resources from tarballs

Bug #1325373 reported by Khai Do
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Core Infrastructure

Bug Description

built artifacts from openstack ci infrastructor are uploaded to and then downloaded for consumption. It's currently only supports http, it would be more secure if it also supports a https connection.

Revision history for this message
Jeremy Stanley (fungi) wrote :

I agree this is something we should eventually do, however the tarballs site is not intended as a primary distribution endpoint (we separately publish Python clients and libraries to PyPI and servers to Launchpad).

Also, the fact that there is no encryption when connecting to is relatively obvious, so I think we should switch this bug report from private to public. There's no actual benefit to keeping it secret.

Changed in openstack-ci:
status: New → Triaged
importance: Undecided → Medium
milestone: none → juno
Revision history for this message
Jeremy Stanley (fungi) wrote :

Switched from private security to public after conferring with Khai in IRC.

information type: Private Security → Public
Jeremy Stanley (fungi)
Changed in openstack-ci:
milestone: juno → kilo
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.