[MacPorts] #57672: Add DNS CAA record for MacPorts domains

MacPorts noreply at macports.org
Mon Nov 26 21:58:43 UTC 2018


#57672: Add DNS CAA record for MacPorts domains
-----------------------------+---------------------
  Reporter:  ryandesign      |      Owner:  admin@…
      Type:  enhancement     |     Status:  new
  Priority:  Normal          |  Milestone:
 Component:  server/hosting  |    Version:
Resolution:                  |   Keywords:
      Port:                  |
-----------------------------+---------------------

Comment (by ryandesign):

 [https://crt.sh/?Identity=%25macports.org&iCAID=16418 Searching crt.sh],
 kmq.jp, pek.cn, and sha.cn are using Let's Encrypt certificates. (We've
 only configured mirror_sites.tcl to use https for pek.cn; I didn't know
 until I searched that the other two had issued certificates.) I'm not
 aware of any other mirrors using https for the MacPorts hostnames; they
 haven't informed us of such and we haven't configured mirror_sites.tcl for
 it.

 We have a mailing list for mirror admins, but we haven't informed the
 mirror admins of this yet or invited them to join it. We should do that.
 Then we can ask them if they have any opinions on this matter.

 If the current mirror admins agree this change is reasonable, we could
 even recommend the use of Let's Encrypt in the [wiki:Mirroring mirroring
 instructions]. They don't currently mention https because I wrote them
 before Let's Encrypt existed, back when getting an https certificate
 generally meant paying money, which I didn't want to ask our mirror admins
 to do.

-- 
Ticket URL: <https://trac.macports.org/ticket/57672#comment:3>
MacPorts <https://www.macports.org/>
Ports system for macOS


More information about the macports-tickets mailing list