2017-11-25T00:00:50 *** Son_Goku has quit IRC 2017-11-25T00:15:05 *** Son_Goku has joined #opensuse-admin 2017-11-25T00:25:14 *** Son_Goku has quit IRC 2017-11-25T00:32:41 *** Son_Goku has joined #opensuse-admin 2017-11-25T01:01:14 *** Son_Goku has quit IRC 2017-11-25T01:20:33 *** Son_Goku has joined #opensuse-admin 2017-11-25T01:23:01 *** Son_Goku has joined #opensuse-admin 2017-11-25T01:29:03 *** Son_Goku has quit IRC 2017-11-25T02:21:54 *** Son_Goku has joined #opensuse-admin 2017-11-25T02:30:57 *** Son_Goku has quit IRC 2017-11-25T02:49:26 *** Son_Goku has joined #opensuse-admin 2017-11-25T02:58:04 *** Son_Goku has quit IRC 2017-11-25T03:17:26 *** dddh has quit IRC 2017-11-25T03:25:39 *** malcolmlewis has quit IRC 2017-11-25T03:32:30 *** dddh has joined #opensuse-admin 2017-11-25T03:37:03 *** malcolmlewis has joined #opensuse-admin 2017-11-25T03:37:03 *** malcolmlewis has joined #opensuse-admin 2017-11-25T03:37:05 *** okurz has quit IRC 2017-11-25T03:38:09 *** Son_Goku has joined #opensuse-admin 2017-11-25T03:38:12 *** okurz has joined #opensuse-admin 2017-11-25T03:49:36 *** plinnell has quit IRC 2017-11-25T03:56:34 *** Son_Goku has quit IRC 2017-11-25T04:09:16 *** Son_Goku has joined #opensuse-admin 2017-11-25T04:18:14 *** Son_Goku has quit IRC 2017-11-25T04:28:46 *** Son_Goku has joined #opensuse-admin 2017-11-25T04:38:39 *** Son_Goku has quit IRC 2017-11-25T04:54:17 *** plinnell has joined #opensuse-admin 2017-11-25T04:54:17 *** plinnell has joined #opensuse-admin 2017-11-25T05:17:33 *** Son_Goku has joined #opensuse-admin 2017-11-25T05:27:15 *** Son_Goku has quit IRC 2017-11-25T06:06:32 *** Son_Goku has joined #opensuse-admin 2017-11-25T06:16:42 *** Son_Goku has quit IRC 2017-11-25T06:19:38 *** Son_Goku has joined #opensuse-admin 2017-11-25T06:34:04 *** Son_Goku has quit IRC 2017-11-25T06:50:37 *** Son_Goku has joined #opensuse-admin 2017-11-25T07:22:46 *** Son_Goku has quit IRC 2017-11-25T07:45:48 *** Son_Goku has joined #opensuse-admin 2017-11-25T07:52:46 *** fghariani has joined #opensuse-admin 2017-11-25T08:14:37 *** Son_Goku has quit IRC 2017-11-25T08:17:05 *** tigerfoot has quit IRC 2017-11-25T08:17:34 *** tigerfoot has joined #opensuse-admin 2017-11-25T08:32:35 *** fghariani has quit IRC 2017-11-25T09:13:57 *** tigerfoot has joined #opensuse-admin 2017-11-25T09:20:29 *** cboltz has joined #opensuse-admin 2017-11-25T09:38:41 *** cthugha has joined #opensuse-admin 2017-11-25T09:42:23 *** ldevulder has quit IRC 2017-11-25T09:55:29 *** plinnell has quit IRC 2017-11-25T09:58:08 *** fghariani has joined #opensuse-admin 2017-11-25T10:13:27 *** fghariani has quit IRC 2017-11-25T10:22:08 good morning! 2017-11-25T10:22:14 * tampakrap is back in Prague! 2017-11-25T10:24:32 *** fvogt has joined #opensuse-admin 2017-11-25T10:42:14 I hope you enjoyed the week in Nuremberg ;-) 2017-11-25T10:42:39 it is always fun to visit nuremberg for a week! 2017-11-25T10:42:51 not more though, it reminds me a lot of my hometown which I hate :D 2017-11-25T10:45:45 just in case you are bored - weblate (ticket 28204) and gitlab are both down :-( 2017-11-25T10:46:11 might be related to the new postgres VMs Lars is setting up 2017-11-25T10:48:13 yep that's the reason 2017-11-25T11:01:03 *** Son_Goku has joined #opensuse-admin 2017-11-25T11:14:28 *** Son_Goku has quit IRC 2017-11-25T12:06:53 good morning sunshine(s) 2017-11-25T12:16:12 tampakrap, did you see my pm this morning ? :) 2017-11-25T12:23:59 katnip: no sorry, what's up? 2017-11-25T12:33:27 i am to ask you about a VPN ? :) 2017-11-25T12:34:23 ah yes 2017-11-25T12:34:39 so before I do, take a look at our open tickets please and try to solve anything https://progress.opensuse.org/projects/opensuse-admin/issues 2017-11-25T12:34:49 ok 2017-11-25T12:35:03 feel free to ask me for further info, or to discuss a problem/solution for them 2017-11-25T12:35:13 will do 2017-11-25T13:02:32 *** Son_Goku has joined #opensuse-admin 2017-11-25T13:15:45 *** Son_Goku has quit IRC 2017-11-25T13:27:29 *** cboltz has quit IRC 2017-11-25T13:44:46 #28343 - tampakrap is this a matter of changing the url in the repo? 2017-11-25T13:46:02 sorry i'm distracted here at home too :) 2017-11-25T13:46:30 from what Per says, it redirects properly on http but not on https 2017-11-25T13:51:37 yes i saw this in the email list, someone said why have https in the first place, isnt that rather obvious for security reasons? 2017-11-25T13:52:14 read this https://progress.opensuse.org/news/40 2017-11-25T13:52:25 it explains exactly this 2017-11-25T13:52:31 ok 2017-11-25T13:57:59 the other thing about tor: Would TOR help ? - Probably yes, in regard of the anonymity that TOR provides, only you and your entry server know what you are looking for. Interestingly, the traffic inside the TOR network is already encrypted. So you don't win much with an encrypted endpoint download.opensuse.org. 2017-11-25T13:58:59 is that downloading through tor is not recommended as the tor devs have said that does reveal your location and anonymity by doing that. 2017-11-25T14:10:11 I'm totally unaware of tor, never used it so I can't say anything 2017-11-25T14:11:22 im trying find the link that explains that 2017-11-25T14:18:39 this may or may not apply here: https://blog.torproject.org/bittorrent-over-tor-isnt-good-idea 2017-11-25T14:19:09 that's for torrents 2017-11-25T14:22:39 so is this article in favor of ssl or against or weighing it out to make a decision on it? 2017-11-25T14:29:27 isnt is better to have ssl ? hasnt debian and mint been hacked recently? do they use ssl on their repos? 2017-11-25T14:33:53 sure it is, but the article I linked you describes the technical difficulties on our mirrorbrain software that prevent us from having it on by default at the moment 2017-11-25T14:35:31 and you need to or want to figure out how to have it on? 2017-11-25T14:36:43 nope, the article describes the steps that need to be taken to make it 2017-11-25T14:38:24 i think i'm misunderstanding the concept of what you want me to do then :( 2017-11-25T14:39:47 I didn't want you to do anything about that specific issue apart from you understanding what is happening with SSL on by default on our mirroring system 2017-11-25T14:40:19 i want to help but at the moment, i dont know how with what we've done so far 2017-11-25T14:40:47 is the discussion in the article against ssl? 2017-11-25T14:41:13 those mirrors i clicked on are not ssl 2017-11-25T14:42:22 read the article again please, it answers those questions 2017-11-25T14:53:51 ok, while we can provide ssl, it's still going to be up to the user to check it with the key/checksum ? 2017-11-25T14:54:13 correct 2017-11-25T14:54:41 pebkak or however that is spelled 2017-11-25T14:54:57 user error 2017-11-25T14:55:03 *** cboltz has joined #opensuse-admin 2017-11-25T14:55:03 *** cboltz has joined #opensuse-admin 2017-11-25T14:57:33 how do we enact ssl? 2017-11-25T14:58:04 i do know i have to click on a new repo of trust 2017-11-25T14:59:29 i feel rather ignorant but want to learn, i'm sorry man 2017-11-25T15:05:00 your question looks like you are mixing two things: 2017-11-25T15:05:13 a) using https -> encrypted transport 2017-11-25T15:05:44 b) signing repos and packages -> ensuring users get the correct, unmodified content 2017-11-25T15:06:04 exactly 2017-11-25T15:06:38 a) "just" means that someone sniffing on your network cable won't be able to see which packages you download 2017-11-25T15:07:19 they can see who you are and where you are, but not what you are doing 2017-11-25T15:07:40 right 2017-11-25T15:08:03 there are lots of cases where I think this important 2017-11-25T15:08:17 oh indeed 2017-11-25T15:08:45 like i explained how i connect to irc, that's for a reason 2017-11-25T15:08:54 but for finding out which packages I have installed on my laptop? I wouldn't call that a secret ;-) 2017-11-25T15:09:11 in our cases no 2017-11-25T15:09:19 kali linux perhaps 2017-11-25T15:09:31 right, for IRC encrypted connections make sense 2017-11-25T15:09:41 but well, then you write in a public channel ;-) 2017-11-25T15:10:02 anyway, the more important thing for download.opensuse.org is b) - signing packages and repos 2017-11-25T15:10:28 this ensures that nobody can inject modified packages without causing a big warning 2017-11-25T15:10:54 is this what had happened with debian and mint? 2017-11-25T15:11:34 their repos were compromised they said 2017-11-25T15:16:55 I'm not sure if I noticed something about debian in the news 2017-11-25T15:17:08 for mint, it looks like a modified ISO image was uploaded 2017-11-25T15:17:14 it was a few yrs ago 2017-11-25T15:17:21 ah, ok 2017-11-25T15:17:40 debian announced it, then fixed it 2017-11-25T15:17:49 https can't prevent that - the server will happily deliver the modified file 2017-11-25T15:18:00 i assumed it was what we're talking about 2017-11-25T15:18:04 oh ok 2017-11-25T15:19:07 now, let me ask, what does the vpn give me the ability to do? to access the repos and servers? 2017-11-25T15:19:40 think about http vs. https like driving a car vs. taking a bus - just two different methods to bring people from A to B 2017-11-25T15:20:01 both can be used by "normal" people, but also by criminals 2017-11-25T15:20:11 because they are "just" transport methods 2017-11-25T15:20:15 same with tor 2017-11-25T15:20:26 (well, I wouldn't recommend to take the bus after robbing a bank, but... ;-) 2017-11-25T15:20:29 even govt uses tor 2017-11-25T15:20:37 haha 2017-11-25T15:21:34 you'll need the VPN to reach the servers (actually VMs) that are behind the firewall 2017-11-25T15:21:38 problem with tor is a very slow network 2017-11-25T15:22:08 and my vm is for? 2017-11-25T15:22:10 most of the VMs only have a private IP (192.168.something) 2017-11-25T15:22:19 ahh i see 2017-11-25T15:23:16 if you access something.opensuse.org in your browser, you actually connect (with very few exceptions) to a haproxy server 2017-11-25T15:23:43 and that haproxy then forwards the request to the right VM (for example the wiki) and gives you back the resulting page 2017-11-25T15:23:47 mostly wiki's from ive seen 2017-11-25T15:24:18 ok 2017-11-25T15:25:42 is this vpn only to be used to access suse? i imagine it is, but so i know on my system... i dont have any ideas 2017-11-25T15:26:15 it only gives access to the openSUSE VMs 2017-11-25T15:26:25 ok good 2017-11-25T15:26:26 that includes several *.opensuse.org services you know 2017-11-25T15:26:32 ok 2017-11-25T15:26:34 and also some backend services like database servers 2017-11-25T15:39:36 not sure i understand why this is a ticket: https://progress.opensuse.org/issues/27793 2017-11-25T15:40:56 is he asking for more mirrors to help out? 2017-11-25T15:44:05 i see some of these things in the email lists 2017-11-25T15:48:06 that request is for getting access on stage.opensuse.org (the server where mirrors can fetch all repos, with faster access and sometimes also earlier than they are available on the public server) 2017-11-25T15:49:32 how do you service that? 2017-11-25T15:49:36 https://en.opensuse.org/Mirror_Infrastructure (especially the "Rsync servers" section) should help to understand the details 2017-11-25T15:50:14 someone with enough permissions needs to whitelist the mirror's IP for accessing stage.opensuse.org 2017-11-25T15:50:33 *** plinnell has joined #opensuse-admin 2017-11-25T15:50:33 *** plinnell has joined #opensuse-admin 2017-11-25T15:51:11 on the ticket system level, set the category to "mirrors" and assign the ticket to "opensuse-mirror-admins" 2017-11-25T15:53:02 is this the follow up to that: https://progress.opensuse.org/issues/27796 2017-11-25T15:56:12 is progress.opensuse.org our wiki? 2017-11-25T15:59:51 it's mostly a ticket system 2017-11-25T16:00:26 but we also have a small non-public wiki there for admin stuff 2017-11-25T16:00:27 i see, have a pm if you dont mind 2017-11-25T16:18:39 *** cboltz has quit IRC 2017-11-25T16:37:19 *** Son_Goku has joined #opensuse-admin 2017-11-25T17:59:10 *** Son_Goku has quit IRC 2017-11-25T18:09:30 *** Son_Goku has joined #opensuse-admin 2017-11-25T19:31:38 *** Son_Goku has quit IRC 2017-11-25T20:09:16 *** Son_Goku has joined #opensuse-admin 2017-11-25T20:16:27 *** golden_receiver has joined #opensuse-admin 2017-11-25T20:49:28 *** heroes-bot has joined #opensuse-admin 2017-11-25T21:42:37 *** cboltz has joined #opensuse-admin 2017-11-25T21:42:37 *** cboltz has joined #opensuse-admin 2017-11-25T21:59:19 *** Son_Goku has quit IRC 2017-11-25T22:43:12 *** fvogt has quit IRC 2017-11-25T23:07:48 *** Son_Goku has joined #opensuse-admin 2017-11-25T23:54:40 *** fghariani has joined #opensuse-admin