[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: why is debianroot via HTTP not a security vulnerability to docker 32bit?

On Mon, 2017-04-24 at 10:52 +0000,
7fjmqh+nfs4gwozk2w26fylhkykgg@guerrillamail.com wrote:
> In his repository I find the build definition for docker 32bit
> debian, c.f. https://github.com/docker-32bit/debian/blob/i386/build-i
> mage.sh. In there I see he sets up the mirror and pretty much every
> "deb" reference with "http://"HTTP, not "https://";. From what I have
> found in Wikis of Debian and Ubuntu, HTTP still seems standard
> practice in the debian ecosystem. But I wonder how and where the
> downloaded binaries are verified against any checksums?

It's explained here: https://wiki.debian.org/SecureApt


Ben Hutchings
Larkinson's Law: All laws are basically false.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: