[OpenIndiana-discuss] OI Hipster 2016.04 snapshot
Gary Gendel
gary at genashor.com
Mon May 2 19:22:18 UTC 2016
On 05/02/2016 03:12 PM, Nikola M wrote:
> On 05/ 2/16 08:45 PM, Tim Mooney wrote:
>> In regard to: Re: [OpenIndiana-discuss] OI Hipster 2016.04 snapshot,
>> Nikola...:
>>
>>> New location is http://pkg.openindiana.org/hipster
>>
>> Does IPS not support TLS?
>>
>> It just strikes me as weird every time I see URLs for repos that aren't
>> https. That should really be the default, if not only, option these
>> days.
>
> Huh, that is a good question.
> Actually IPS does and even allows you to make your own publisher with
> your issued keys where packages can be accessible only to those having
> private keys issued. (if one want to distribute packages only to
> specific users)
>
> Regarding OI's publishers of having https:// it is in the process of
> deciding what CA/issuer to use for openindiana.org.
>
I've been using letsencrypt.org. Certificates are free and renewals can
be totally automated. I use the bash client via a weekly cron job that
auto-renews it when it gets less than 30 days until expiration. This
way I get 3 or four tries in before it actually expires (just in case
there is a network issue). You can do it as often as you want since it
is a lightweight check. I love that it's a setup and forget system.
Gary
More information about the openindiana-discuss
mailing list