concerto / concerto-debian

The Concerto Debian Package

add_repo.sh uses http to download public key #63

Open jgraef opened 7 years ago

jgraef commented 7 years ago

wget -O - http://dl.concerto-signage.org/concerto_deb_public.key | sudo apt-key add -

This download uses plain HTTP, thus the authenticity of the public key is not guaranteed. It should be:

wget -O - https://dl.concerto-signage.org/concerto_deb_public.key | sudo apt-key add -

mfrederickson commented 7 years ago

@augustf the certificate has expired

$ wget -O - https://dl.concerto-signage.org/concerto_deb_public.key
--2017-02-23 15:25:50--  https://dl.concerto-signage.org/concerto_deb_public.key
Resolving dl.concerto-signage.org (dl.concerto-signage.org)... 173.232.104.112, 2607:ff28:0:a::303b:508e
Connecting to dl.concerto-signage.org (dl.concerto-signage.org)|173.232.104.112|:443... connected.
ERROR: cannot verify dl.concerto-signage.org's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Issued certificate has expired.
To connect to dl.concerto-signage.org insecurely, use `--no-check-certificate'.

sundhaug92 commented 5 years ago

Yeah they should turn on letsencrypt

mfrederickson commented 5 years ago

Hosting our apt repo on github might be a solution.
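
Added example, not part of this thread or of the project's add_repo.sh: one way to make the key's authenticity independent of the transport (plain HTTP, or HTTPS with an expired certificate) is to pin its SHA-256 digest, obtained out of band, and check it before the key reaches `apt-key`. The pinned digest is a placeholder because the page gives none, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from add_repo.sh): verify a downloaded repo key against a
# pinned digest before trusting it.
KEY_URL="https://dl.concerto-signage.org/concerto_deb_public.key"
# PLACEHOLDER: the real digest is not on the page; obtain it out of band.
PINNED_SHA256="${PINNED_SHA256:-REPLACE_WITH_DIGEST_OBTAINED_OUT_OF_BAND}"

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_key FILE EXPECTED
# 0 = match, 1 = mismatch, 2 = file missing/empty, 3 = pin is not a valid digest.
verify_key() {
    file=$1; expected=$2
    [ -s "$file" ] || { echo "key file missing or empty: $file" >&2; return 2; }
    case "$expected" in
        ""|*[!0-9a-f]*) echo "pinned digest is not lowercase hex" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pinned digest must be 64 hex chars" >&2; return 3; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    return 0
}

# fetch_and_verify URL EXPECTED OUT
# Downloads to a temp file and moves it to OUT only after the digest matches.
# Returns 4 for a non-HTTPS URL without touching the network.
fetch_and_verify() {
    url=$1; expected=$2; out=$3
    case "$url" in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 4 ;;
    esac
    tmp=$(mktemp) || return 2
    wget -q -O "$tmp" "$url" && verify_key "$tmp" "$expected" \
        && mv "$tmp" "$out" && return 0
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Usage (only the verified file is ever piped to apt-key):
#   fetch_and_verify "$KEY_URL" "$PINNED_SHA256" /tmp/concerto.key \
#       && sudo apt-key add /tmp/concerto.key
```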