From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 362B51382C5 for ; Sat, 13 Feb 2021 17:32:58 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 81197E092A; Sat, 13 Feb 2021 17:32:57 +0000 (UTC) Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 67203E0918 for ; Sat, 13 Feb 2021 17:32:57 +0000 (UTC) Received: by mail-ej1-x62c.google.com with SMTP id g5so1191512ejt.2 for ; Sat, 13 Feb 2021 09:32:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gentoo-org.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=+4TDSbv946UfBPBR2AUb8mDV/6YNY8+WTxQkc70MLiQ=; b=aV72LT6wwmc+nNceDd8s46aUe5sBkH+3EkGJNHL75DA+TP5LVyKT1GlIovOeDNvGQZ Gydka6oSRV4BOOUYMLAvZq8+6j2BLzVejjLpwC/UakqeIuhi2KyO7o5PlMGHbbB/HuhN IQDPHkprRoP0J+ZPcQFtzWFFtFAI6JIfPZFE+qSrIjXQ2ocYY/OS2fg8uym/W/jj3kvn 4L+5KxfmSYMfj5fSozx4RNrin48/K5b8KMJVpSguMm6uz0rh7t85UwRJ//Rl2uElnIJO h4VT/ID/A2N7+SdtQ8IXCPnUMYzaeXbaZpDwFZvv+6sFnJlrxqMNTkUqH06IGYloEJsb 978w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=+4TDSbv946UfBPBR2AUb8mDV/6YNY8+WTxQkc70MLiQ=; b=b20Z6D/5GM8A8oKmex65NyQswtRkZFDHRyKqJB31aDgkZWWDtU5QXqUUKAr0O+HX/j AKfv6aX2F8PCk/hIn75vYFqrO+mudK3+tB1MU+BRBsWlWShLrAREJb/UwBSSj8UGxU9W 3rrHGrJy0O4iZDVmC9R760lExTfnAw1csIjJyUldcuM4Krnx5gdHYf+6RA9ZYYRFgLHq +VxptTmqwfCpoPwvi7ZPJyIJWWO29kRkmqs6zAF2T2poreyaBdZvvP5CQX9zVkdv8nGp 1cYqJLBAcKXu/8V2So++7kIuGUFW/7UPHbZJWHJKmLDoOSLseQatEFAgHEj35mDZQ8Gi FsGw== X-Gm-Message-State: AOAM531X0w+MyVefEm2P2F8gyx/zI8rMDW1et3WzFTdGrrpbrqmAf2W8 2aZaLjq/oTJ5JNjErrmiffKV/YxS6CX/clEVIl5WrdJwIEJzL8SQ X-Google-Smtp-Source: ABdhPJwk1rxWDLPFDD/UT6CNpfs5NoI28OiOLLb6UrPPB5tcXI5IWY5Z3ZNotg6TXy89pQ6DvQ6osG0jfj8zYjatYJE= X-Received: by 2002:a17:906:3ac3:: with SMTP id z3mr8208817ejd.449.1613237575672; Sat, 13 Feb 2021 09:32:55 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 References: <5455c0ba-0ec9-de7f-617c-1350eea8b405@gentoo.org> In-Reply-To: <5455c0ba-0ec9-de7f-617c-1350eea8b405@gentoo.org> From: Alec Warner Date: Sat, 13 Feb 2021 09:32:44 -0800 Message-ID: Subject: Re: [gentoo-project] RFC: Removing http:// mirror URLs where https:// is available To: gentoo-project Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: 67dee627-cbc3-4ac3-b499-02d20967d9c5 X-Archives-Hash: db3c7736e22bc2315fa8761d8db90237 On Fri, Feb 12, 2021, 04:37 Joonas Niilola wrote: > > Hey, > > First of all I'm asking because I don't know, but are there any > technical limitations why we should still be showing http:// mirrors > when https:// is available? I've just gone through multiple mirrors > listed in https://www.gentoo.org/downloads/mirrors/ and most of them > even redirect http requests to their https site. > So my recollection is that on the install media, openssl has USE=bindist[0] set, which prevents installation of EC TLS support. I expect this to be resolved ..hopefully this year. The impact is that on the installation media, you may not be able to talk to servers that *only* offer EC-based TLS, as the openssl on the installation media does not support EC-based TLS. [0] Because patents, which may or may not be expired. See http://bugs.gentoo.org/531540