Hey, good idea, Baptiste.
The hash of the uploaded file is
sha256:d83ad972ec4a645e0ce580dd82668af3b0ea4d775f15910fe90a44687c926841.
I will make it part of the future announcements:
https://github.com/jenkins-infra/backend-commit-history-parser/commit/1eb7c84ab4a397960f72020ff276e5efe551fdd0
On 12/08/2020 08.48, Baptiste Mathus wrote:
> IIUC the most important, and quite easy, thing they could be done here
> before we can also have the right thing on server side is for Oliver to
> publish the hash for the local file he uploaded?
>
> This way even if someone was able to midm the http:// server folks could
> check they're testing the expected binaries?
>
> WDYT ?
>
> Oliver, are you able to add the computed hash in this thread?
>
> Thanks
>
> -- Baptiste
>
> Le mar. 11 août 2020 à 17:24, Mark Waite <
mark.ea...@gmail.com
> <mailto:
mark.ea...@gmail.com>> a écrit :
> <
http://mirrors.jenkins-ci.org>; its security certificate is
> from
pkg.origin.jenkins.io <
http://pkg.origin.jenkins.io>. This
> may be caused by a misconfiguration or an attacker intercepting
> your connection
> As it is a letsencyrpt certifacte, maybe just adding the domain
> (
https://certbot.eff.org/docs/using.html#changing-a-certificate-s-domains
> if using certbot) could help?
>
>
> Unfortunately, there's significantly more involved in the
> transition than adding an SSL certificate to the domain.
>
> That location is the root of the Jenkins mirrors. The mirroring
> software we use does not support HTTPS. We're in the process of
> switching to new mirroring software that supports HTTPS.
>
> Björn
>
johno.c...@gmail.com <mailto:
johno.c...@gmail.com> schrieb am
> <mailto:
jenkinsci-de...@googlegroups.com>.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/jenkinsci-dev/c632c50b-fe72-4f4e-84fb-1f2e47c26901n%40googlegroups.com
> <
https://groups.google.com/d/msgid/jenkinsci-dev/c632c50b-fe72-4f4e-84fb-1f2e47c26901n%40googlegroups.com?utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to
jenkinsci-de...@googlegroups.com
> <mailto:
jenkinsci-de...@googlegroups.com>.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtGs4EO1gAk_P%3DVXkytxrmzzq7AkqSewrKr4yTd22k_rRw%40mail.gmail.com
> <
https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtGs4EO1gAk_P%3DVXkytxrmzzq7AkqSewrKr4yTd22k_rRw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
jenkinsci-de...@googlegroups.com
> <mailto:
jenkinsci-de...@googlegroups.com>.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS45HWB7uSQU04B_3FdxvDzVNyLShv_727gtCCpj56QvPg%40mail.gmail.com
> <
https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS45HWB7uSQU04B_3FdxvDzVNyLShv_727gtCCpj56QvPg%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
oliver