|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Proposed plan and URL name for new VM to download xen tarballs (ftp.xenproject.org)
On 08/08/16 12:43, Lars Kurth wrote: > Hi, > > as part of a number of tasks to move Xen Project websites to https, we > investigated whether we can move our tarballs to a new Xen Project owned > domain to download tarballs. Currently tarballs are stored on > http://bits.xensource.com, which is a http site only. We do not have > sufficient control of bits.xensource.com (which is an Akamai site) to convert > the site to https, and are thus potentially exposed to MiM attacks. > > To fix this, the current plan of record is to > - Copy existing tarballs to an existing or new VM > - To expose that VM via the new public URL ftp.xenproject.org (this is > non-browsable, thus ftp - we also already have > https://downloads.xenproject.org/ to host legacy content) > - To only publish new tarballs on https://ftp.xenproject.org The pedant in me thinks it's strange to have a server titled "ftp" that is speaking https rather than ftp. But we're apparently already using "downloads.xenproject.org" for something else, and I don't have a better name, so I suppose it will have to do. :-) -George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |