[tor-bugs] #2090 [Tor bundles/installation]: APT repository broken by website relaunch
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Oct 20 04:20:51 UTC 2010
#2090: APT repository broken by website relaunch
--------------------------------------------------+-------------------------
Reporter: cypherpunks | Owner: erinn
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor bundles/installation | Version:
Keywords: APT repository deb redesign relaunch | Parent:
--------------------------------------------------+-------------------------
The APT repositories which used to be available at
http://deb.torproject.org/torproject.org/
no longer work.
http://deb.torproject.org/torproject.org/dists/lenny/main/binary-
amd64/Packages.gz
is a HTTP 302 (temporary) redirect to
https://www.torproject.org/torproject.org/dists/lenny/main/binary-
amd64/Packages.gz
which returns a HTTP 404 File not found error.
I assume this behaviour is related to your website redesign, combined with
a newly added overbroad Apache Redirect statement which applies to all
virtual hosts in an attempt to safeguard your users by switching to an
encrypted connection. The issue here, however, is that there is just a
single HTTPS VirtualHost.
You might want to either keep the deb.torproject.org site available by
plain HTTP (possibly allowing for disclosure of users' slightly sensitive
information), setup multiple SSL sites on different IP addresses, use a
single SSL certificate for multiple hostnames by (ab)use of
SubjectAltName's or consider switching to TLS 1.1 and Server Name
Indication (which will lock Internet Exploiter on Windoze XP out). Or just
find an even better option than I could think of.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2090>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list