add_repo.sh uses http to download public key #63

jgraef · 2017-01-03T15:49:33Z

wget -O - http://dl.concerto-signage.org/concerto_deb_public.key | sudo apt-key add -

This download uses plain HTTP, thus the authenticity of the public key is not guaranteed. It should be:

wget -O - https://dl.concerto-signage.org/concerto_deb_public.key | sudo apt-key add -

The text was updated successfully, but these errors were encountered:

mfrederickson · 2017-02-24T00:29:09Z

@augustf the certificate has expired

$ wget -O - https://dl.concerto-signage.org/concerto_deb_public.key
--2017-02-23 15:25:50--  https://dl.concerto-signage.org/concerto_deb_public.key
Resolving dl.concerto-signage.org (dl.concerto-signage.org)... 173.232.104.112, 2607:ff28:0:a::303b:508e
Connecting to dl.concerto-signage.org (dl.concerto-signage.org)|173.232.104.112|:443... connected.
ERROR: cannot verify dl.concerto-signage.org's certificate, issued by ‘CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Issued certificate has expired.
To connect to dl.concerto-signage.org insecurely, use `--no-check-certificate'.

sundhaug92 · 2019-02-19T20:28:42Z

Yeah they should turn on letsencrypt

mfrederickson · 2019-09-09T22:57:19Z

Hosting our apt repo on github might be a solution.

mfrederickson assigned augustf Sep 5, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add_repo.sh uses http to download public key #63

add_repo.sh uses http to download public key #63

jgraef commented Jan 3, 2017

mfrederickson commented Feb 24, 2017

sundhaug92 commented Feb 19, 2019

mfrederickson commented Sep 9, 2019

add_repo.sh uses http to download public key #63

add_repo.sh uses http to download public key #63

Comments

jgraef commented Jan 3, 2017

mfrederickson commented Feb 24, 2017

sundhaug92 commented Feb 19, 2019

mfrederickson commented Sep 9, 2019