Turns out that the bower registry doesn't actually support https. Git does - so we can prove authenticity of the code - but the address lookup that tells us which git url to pull from? Not so much. I'm still digging, but unless we can get that fixed upstream (or can get everyone to be ok with not loading things over https), the best we can expect from bower is switching over to using git url's pointed at our xstatic packages. I'll put the rest of my findings on the review. Michael On Mon, Mar 9, 2015 at 12:33 PM Matthew Farina <matt at mattfarina.com> wrote: > Richard, thanks for sharing this. I hope we can move to bower sooner > rather than later. > > On Sat, Mar 7, 2015 at 5:26 PM, Richard Jones <r1chardj0n3s at gmail.com> > wrote: > >> On Sun, 8 Mar 2015 at 04:59 Michael Krotscheck <krotscheck at gmail.com> >> wrote: >> >>> Anyone wanna hack on a bower mirror puppet module with me? >>> >> >> BTW are you aware of this spec for bower/Horizon/infra? >> >> https://review.openstack.org/#/c/154297/ >> >> >> Richard >> >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150309/11d2a732/attachment.html>