We’re no longer using our old ftp, rsync, and git links for distributing OpenSSL. These were great in their day, but it’s time to move on to something better and safer. ftp://ftp.openssl.org and rsync://rsync.openssl.org are not available anymore. As of June 1, 2024, we’re also going to shut down https://ftp.openssl.org and git://git.openssl.org/openssl.git mirrors.

GitHub is becoming the main distributor of the OpenSSL releases.

  • Gamma@beehaw.org
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    7 months ago

    Any official mirrors would sync the changes anyway, it’s automatic

    Edit: Oh, I think I misunderstood your point. I agree that hosting the repos themselves would make it harder for randoms to maliciously introduce code

    • lemmyreader@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      I was trying to say that if the OpenSSL developers upload new source code to only GitHub and something goes wrong, even for example simply a mistake or failure by GitHub, then other users wanting to download will not have to wait for the OpenSSL developers to repair that problem when OpenSSL project would for example have mirrors on Codeberg or sourcehut or their own git server, the latter which they intend to deprecate.

      • Gamma@beehaw.org
        link
        fedilink
        English
        arrow-up
        3
        ·
        7 months ago

        If they were to set up an official mirror it would be automatic, so I don’t think there’s any real way to avoid that problem with their current plan. But you’re right! Sorry for the confusion

    • refalo
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      What is your definition of harder? I think bugs/breaches are even more likely on personal forges than github. Not that one should rely on github anyways…