Re: ITI: HTTPS method for apt
Paolo Redaelli <paolo.redaelli@libero.it> writes:
>> Why? Don't you want yor neighbours (or whoever might be abble to spy on
>> your network traffic) to see what package versions you run?
> Crypted downloads is a step toward improvements in security and/or
> commercial support (note commercial != proprietary)
I agree (but I doubt the commercial part), but reencrypting the same
data over and over again is quite inefficient. Furthermore, you don't
know the actual source of the package, you have to trust the mirror.
Signing packages themselves is a much better approach IMHO.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
Reply to: