Re: why is debianroot via HTTP not a security vulnerability to docker 32bit?

To: debian-boot@lists.debian.org
Subject: Re: why is debianroot via HTTP not a security vulnerability to docker 32bit?
From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 24 Apr 2017 12:45:41 +0100
Message-id: <[🔎] 1493034341.31767.68.camel@decadent.org.uk>
In-reply-to: <[🔎] 92c075657ee8f284b052cb59e882f2ee3b81@guerrillamail.com>
References: <[🔎] 92c075657ee8f284b052cb59e882f2ee3b81@guerrillamail.com>

On Mon, 2017-04-24 at 10:52 +0000,
7fjmqh+nfs4gwozk2w26fylhkykgg@guerrillamail.com wrote:
[...]
> In his repository I find the build definition for docker 32bit
> debian, c.f. https://github.com/docker-32bit/debian/blob/i386/build-i
> mage.sh. In there I see he sets up the mirror and pretty much every
> "deb" reference with "http://"HTTP, not "https://";. From what I have
> found in Wikis of Debian and Ubuntu, HTTP still seems standard
> practice in the debian ecosystem. But I wonder how and where the
> downloaded binaries are verified against any checksums?
[...]

It's explained here: https://wiki.debian.org/SecureApt

Ben.

-- 
Ben Hutchings
Larkinson's Law: All laws are basically false.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- why is debianroot via HTTP not a security vulnerability to docker 32bit?
  - From: <7fjmqh+nfs4gwozk2w26fylhkykgg@guerrillamail.com>

Prev by Date: Bug#861066: installation-reports: Stretch - Fails to start gdm3 on Hyper-V
Next by Date: Bug#860809: installation-reports: ipv6 SLAAC autoconf not working with stretch's network install
Previous by thread: why is debianroot via HTTP not a security vulnerability to docker 32bit?
Next by thread: Bug#861083: Fails to boot installed system
Index(es):
- Date
- Thread