[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should apt-transport-https be Priority: Important ? (Re: own cloud task in tasksel?)

On Tue, Mar 15, 2016 at 10:26:54AM +0900, Charles Plessy wrote:
> With the worldwide effort of using HTTPS everywhere, I wonder if
> apt-transport-https shouldn't be installed by default anyway on systems with
> network connectivity, that is, its priority should be Important.  What do
> people think about this ?  Would it make sense to raise the question on
> debian-devel ?

What does it buy you exactly? Debian repositories already do package
signing, so we know things haven't been tampered with. Probably any
significant number of machines installed somewhere will have a caching
proxy for updates, largely mitigating privacy concerns as well.

The HTTPS Everywhere extension makes perfect sense, because web pages
are not signed, browsers are generally uniquely identifiable and
anyone can inject malicious JavaScript into your page, intercept your
private details, etc. However I would have expected Debian
repositories are about the least important thing to have run over

Attachment: signature.asc
Description: Digital signature

Reply to: