[openstack-dev] [all] [stable] No longer doing stable point releases

Jeremy Stanley fungi at yuggoth.org
Mon Jun 8 15:46:22 UTC 2015

On 2015-06-08 00:25:47 +0200 (+0200), Alan Pevec wrote:
> BTW there's an issue re. verification that
> https://tarballs.openstack.org/ is using cert for
> security.openstack.org but should be easily fixed by infra.

Uh, nope. Try again. You're redirected to security.openstack.org if
you accept that cert. It's true that tarballs.openstack.org is a
vhost on the same system, but it's not intended as a secure source
of release artifacts at the moment and so is only served via HTTP.
We may at some point add HTTPS, but more likely we'll add detached
signatures along with the tarballs/wheels we upload there through
some sort of automation rather than relying on HTTPS alone.
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150608/71109975/attachment.pgp>

More information about the OpenStack-dev mailing list