problem with https://fedoraproject.org/en/verify
Richard Zidlicky
rz at linux-m68k.org
Thu Dec 31 22:51:58 UTC 2009
On Thu, Dec 31, 2009 at 05:07:30PM -0500, Ricky Zhou wrote:
> > [rz at rz rai]$ file Fedora-12-i386-CHECKSUM
> > Fedora-12-i386-CHECKSUM: gzip compressed data, from Unix
> Is there anything between you and th eserver that could be affecting
> this? Also, does this happen as well when you view it in a browser?
there is the NAT firewall of my umts provider (O2-Germany). Actually one of
the less intrusive providers, even allows VoIP and everything else.
The browser displays the expected content in cleartext. Size 1078 bytes, quirks
mode rendering, verified by equifax "site does not provide ownership information"
AES-256, CN=fedoraproject.org.
> Just out of curiosity, what does this file decompress to, if anything?
it does decompress to the exact same as the browser displays and gpg-verify
as well as sha256sum give the expected results.
So I do not think O2 would be running MIM attacks, it could be something in
wget-1.12-2.fc10 headers that causes a misunderstanding with the server regarding
to compression?
Just checked curl with the same URL and it gives the cleartext content to
stdout. Wget the compressed stuff again..
Can you look into your logs for 82.113.121.184, should be firefox, curl and wget
accesses. Its a NAT so you may get many more.
Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-websites-list/attachments/20091231/d494c290/attachment.sig>
More information about the Fedora-websites-list
mailing list