[llvm-bugs] [Bug 31479] New: Provide ability to download gpg key via https
via llvm-bugs
llvm-bugs at lists.llvm.org
Tue Dec 27 05:07:41 PST 2016
https://llvm.org/bugs/show_bug.cgi?id=31479
Bug ID: 31479
Summary: Provide ability to download gpg key via https
Product: Packaging
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: deb packages
Assignee: unassignedbugs at nondot.org
Reporter: grossws at gmail.com
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
Install commands on [1] include adding unchecked gpg key [2] downloaded via
plain http to Debian/Ubuntu apt trust store. These key should be downloaded via
https.
As a simple solution to this I'll suggest using LetsEncrypt cert with automatic
renew (their certs currently have validity of 3 months).
[1]: http://apt.llvm.org/
[2]: http://apt.llvm.org/llvm-snapshot.gpg.key
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20161227/3daf5006/attachment.html>
More information about the llvm-bugs
mailing list