On 2014-02-11 16:24, Mattias Wadenstein wrote:
Ah, finally a half-reasonable case for https. I agree that this is sufficient for software support in apt, d-i, etc.
TLS gives you confidentiality and authentication over the integrity protection you get from GPG. You might want to serve some packages only to some authenticated clients and not leak those packages to others, for instance. I find that not only half reasonable.
I just hope it doesn't turn into more of the misguided "if only mirrors served packages over https, NSA wouldn't be able to see that I have iceweasel installed!" version of false assumption of security.
It also conveniently sidesteps some other attacks where you serve old lists. Of course we got fields now to make files only valid for a shorter period, but if you monitor that you can actually reach and connect to the server, it should not be able to serve you stale lists maliciously through a MITM attack.
Kind regards Philipp Kern PS: Thanks, Colin, for putting the effort into Debian as well!