[OmniOS-discuss] https://pkg.omniti.com (was: SECURITY UPDATE FOR OpenSSL & Perl; plus other fixes)

Ben Summers ben at bens.me.uk
Wed Mar 2 11:08:51 UTC 2016


> On 2 Mar 2016, at 11:06, qutic development <mailinglists at qutic.com> wrote:
> 
> Hi Dan,
> 
>> Am 01.03.2016 um 21:23 schrieb Dan McDonald <danmcd at omniti.com>:
>> 
>> We're working out the best course of forward action.  That people still *use* SSLv2 post-2010 amazes me, but apparently I shouldn't be amazed.
> 
> I would like to connect via https to the omnios repos under pkg.omniti.com.
> 
> Would that be possible in the near future?


This was rejected previously due to the significant additional latency of https.

Now that packages are signed properly, you don't need https to assure integrity of the software.

If you wish to avoid disclosing your updates to passive observers, you could use a local mirror.

Ben





More information about the OmniOS-discuss mailing list