[OpenIndiana-discuss] OI Hipster 2016.04 snapshot

Gary Gendel gary at genashor.com
Mon May 2 19:22:18 UTC 2016


On 05/02/2016 03:12 PM, Nikola M wrote:
> On 05/ 2/16 08:45 PM, Tim Mooney wrote:
>> In regard to: Re: [OpenIndiana-discuss] OI Hipster 2016.04 snapshot, 
>> Nikola...:
>>
>>> New location is http://pkg.openindiana.org/hipster
>>
>> Does IPS not support TLS?
>>
>> It just strikes me as weird every time I see URLs for repos that aren't
>> https.  That should really be the default, if not only, option these 
>> days.
>
> Huh, that is a good question.
> Actually IPS does and even allows you to make your own publisher with 
> your issued keys where packages can be accessible only to those having 
> private keys issued. (if one want to distribute packages only to 
> specific users)
>
> Regarding OI's publishers of having https:// it is in the process of 
> deciding what CA/issuer to use for openindiana.org.
>
I've been using letsencrypt.org.  Certificates are free and renewals can 
be totally automated.  I use the bash client via a weekly cron job that 
auto-renews it when it gets less than 30 days until expiration.  This 
way I get 3 or four tries in before it actually expires (just in case 
there is  a network issue).  You can do it as often as you want since it 
is a lightweight check.  I love that it's a setup and forget system.

Gary



More information about the openindiana-discuss mailing list