Re: Should apt-transport-https be Priority: Important ? (Re: own cloud task in tasksel?)

To: debian-cloud@lists.debian.org
Subject: Re: Should apt-transport-https be Priority: Important ? (Re: own cloud task in tasksel?)
From: Tiago Ilieve <tiago.myhro@gmail.com>
Date: Tue, 15 Mar 2016 00:02:39 -0300
Message-id: <[🔎] CALdTKe8L62i_Ya1ozK49amPvKX_HJvffVxkCyyHXU0hdDHJo-w@mail.gmail.com>
In-reply-to: <[🔎] 20160315020032.GA23941@abolte-desktop.users>
References: <[🔎] 20160312131932.GB32726@bubu.igloo> <[🔎] 56E42A5E.9030303@rcpt.to> <[🔎] 20160313133311.GF32726@bubu.igloo> <[🔎] 56E6CBE6.6020208@rcpt.to> <[🔎] 20160315012654.GM31860@falafel.plessy.net> <[🔎] 20160315020032.GA23941@abolte-desktop.users>

Adam,

On 14 March 2016 at 23:00, Adam Bolte <abolte@systemsaviour.com> wrote:
> What does it buy you exactly? Debian repositories already do package
> signing, so we know things haven't been tampered with. Probably any
> significant number of machines installed somewhere will have a caching
> proxy for updates, largely mitigating privacy concerns as well.

Signed packages guarantees authenticity and integrity, but not
confidentiality. Everyone between a machine running APT and the Debian
mirror (be it your network gateway, ISP, NSA or whatever) will know
exactly what packages you are downloading and their versions. If this
is done using HTTPS, only this client machine and the Debian mirror
itself will know what is being transferred.

Regards,
Tiago.

-- 
Tiago "Myhro" Ilieve
Blog: https://blog.myhro.info/
GitHub: https://github.com/myhro
LinkedIn: https://br.linkedin.com/in/myhro
Montes Claros - MG, Brasil

Reply to:

Follow-Ups:
- Re: Should apt-transport-https be Priority: Important ? (Re: own cloud task in tasksel?)
  - From: Adam Bolte <abolte@systemsaviour.com>

References:
- Re: own cloud task in tasksel?
  - From: Charles Plessy <plessy@debian.org>
- Re: own cloud task in tasksel?
  - From: James Bromberger <james@rcpt.to>
- Re: own cloud task in tasksel?
  - From: Charles Plessy <plessy@debian.org>
- Re: own cloud task in tasksel?
  - From: James Bromberger <james@rcpt.to>
- Should apt-transport-https be Priority: Important ? (Re: own cloud task in tasksel?)
  - From: Charles Plessy <plessy@debian.org>
- Re: Should apt-transport-https be Priority: Important ? (Re: own cloud task in tasksel?)
  - From: Adam Bolte <abolte@systemsaviour.com>

Prev by Date: Re: Should apt-transport-https be Priority: Important ? (Re: own cloud task in tasksel?)
Next by Date: Re: Should apt-transport-https be Priority: Important ? (Re: own cloud task in tasksel?)
Previous by thread: Re: Should apt-transport-https be Priority: Important ? (Re: own cloud task in tasksel?)
Next by thread: Re: Should apt-transport-https be Priority: Important ? (Re: own cloud task in tasksel?)
Index(es):
- Date
- Thread