On Aug 28, 2024, R A Montante, Ph.D. via Dng wrote:
> Hello all,
>
> I'm having an issue  doing "sudo apt update" --- it runs very slowly and
> gives the results below.  Does anyone know what's going on?  (There's a 2nd
> copy-paste after this one, BTW).
>
>
> Tried from my school just now (I've highlighted the first lines in red
> because they're so surprising):
>
> > Err:5 http://deb.devuan.org/merged daedalus InRelease
> > Err:6 http://deb.devuan.org/merged daedalus-security InRelease
> > Err:7 http://deb.devuan.org/merged daedalus-updates InRelease
> >  Temporary failure resolving 'deb.devuan.org'

Your DNS resolver doesn't like deb.devuan.org for some reason or other.

> So I tried/browsing/ to "deb.rr.devuan.org" (the CNAME) and got this error
> message (I highlighted the certificate problem in red):
>
> >
> > Warning: Potential Security Risk Ahead
> >
> > Firefox detected a potential security threat and did not continue to
> > *deb.rr.devuan.org*. If you visit this site, attackers could try to
> > steal information like your passwords, emails, or credit card details.

Testing with FF here causes FF to whine because it's http:// not
https:// (which is a non-issue for repos anyway, as packages are checked
against GPG-signed hashes).

IN OTHER WORDS -->> the big scary warning is fallout from the "HTTPS
Everywhere" movement pushed by Google et. al. about a decade ago. Well,
at least I think that was what people were calling it; quick check at
wikipedia says it was just a plugin for browsers pushed by the EFF.

If I force https:// ; then I get a cert error for a LE cert applied for
various "rrq.au" domains. I'd assume it's just apache falling through
to whatever cert it has available, rather than any malice.

Pretty sure 'rrq' is a semi-frequent commenter here, so perhaps he'll
see it and chime in.


--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860