On 4/1/21 12:32 PM, Warren Young wrote:> On Mar 26, 2021, at 7:08 AM, Warren Young <warren at etr-usa.com>
wrote:
>>
>> Is anyone else getting this on dnf upgrade?
>>
>> [MIRROR] sssd-proxy-2.3.0-9.el8.x86_64.rpm: Interrupted by header
callback: Server reports Content-Length: 9937 but expected size is: 143980
>
> The short reply size made me think to try a packet capture, and it turned
out to be a message from the site?s ?transparent? HTTP proxy, telling me that
content?s blocked.
>
> Rather than fight with site IT over the block list, I have a new question:
is there any plan for getting HTTPS-only updates in CentOS? Changing all ?http?
to ?https? in my repo conf files just made the update stall, so I assume there
are mirrors that are still HTTP-only.
No .. we host things on donated servers, we therefore are not putting
private keys on there. That (and external mirrors) is why we SIGN
repodata.xml. We just can't risk putting private keys for centos.org on
machines that are donated.