MirrorCache icon indicating copy to clipboard operation
MirrorCache copied to clipboard
verified publisher icon openSUSE

redirect to untrusted mirror.yandex.ru

Open uwe5 opened this issue 2 years ago • 2 comments

Links to the Russian server are no longer allowed as they are no longer trustworthy. How can another server be used here?

for example:

http://download.opensuse.org/update/leap/15.4/sle/repodata/7d21bb5267878fe28009e619c2f9a0826f3d4390902134f06405b45dcada442c-deltainfo.xml.gz

linked to

http://mirror.yandex.ru/opensuse/update/leap/15.4/sle/repodata/7d21bb5267878fe28009e619c2f9a0826f3d4390902134f06405b45dcada442c-deltainfo.xml.gz

uwe5 avatar Jan 12 '24 09:01 uwe5

What's the context? And what is trustworthy? zypper package management system has enough protection, so it is practically impossible to inject malicious content. (and if russian spies want to do it - they practically can do it from any country).

We don't redirect to RU and BY mirrors for requests from UA, because those are often not reachable (not because they are less trustworthy).

andrii-suse avatar Jan 12 '24 13:01 andrii-suse

Probably I wanted to ask about "are no longer allowed": by who? Fyi you can work around it by appending ?AVOID_COUNTRY=ru,by to value of baseurl in .repo files, but let me know if you have more details or that workaround is not feasible for some reasons

andrii-suse avatar Jan 12 '24 15:01 andrii-suse