Closed Bug 792265 Opened 12 years ago Closed 12 years ago

Stub installer hosting

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task, P1)

Product:
Infrastructure & Operations Graveyard
Component:
WebOps: Other
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: catlee, Assigned: nmaul)

References

Details

(Whiteboard: [triaged 20121005])

One requirement for the stub installer is that it must be served to the user over SSL. Our existing product delivery system won't work for this because currently bouncer is http-only, and also includes some community mirrors (albeit with extremely small weighting), whose content we don't control and are also http-only. Rob, I'm assigning this bug to you to start off with so we can get some initial requirements figured out. Other than the initial download must be over SSL, are there any other requirements for stub install downloads? How big is the stub installer? Could they be served from an ssl-enabled CDN?
See Also: → 675970
You could add code to bouncer such that this URL bypasses all other bouncer logic and returns a 302 to a SSL CDN URL.
Blocks: 358384
To get the full security benefit, pages with download buttons also need to be SSL. (Otherwise, a MITM attacker can give you a different download, with no UI difference in some browsers.) I assume our front & download pages are the most popular pages on www.mozilla.org, so we might as well make it all SSL-only, and turn on HSTS to win back some performance. Should that be a separate bug?
That would better be asked in bug 794499
Assignee: robert.bugzilla → server-ops
Now that we have some requirements and a fairly well fleshed out plan forward, this bug should be about where the actual stub installer files should reside... the hosting of the raw file(s). This might already be decided, but if so I don't know the answer yet so it would be nice to have it stated explicitly. The file(s) will be fronted with an SSL CDN mirror in bouncer, but the CDN still needs to know what the origin would be. Bug 796180 is for the setup of the product in bouncer, and bug 795440 is for setting up the SSL CDN mirror. I propose that the files should live somewhere in here, just like everything else does: https://ftp.mozilla.org/pub/mozilla.org/firefox/ It saves us quite a bit of work if they live in there somewhere...
Assignee: server-ops → server-ops-webops
Component: Server Operations → Server Operations: Web Operations
QA Contact: jdow → cshields
Assignee: server-ops-webops → nmaul
Priority: -- → P1
Whiteboard: [triaged 20121005]
Don't think there's anything left to do here.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.