[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ITI: HTTPS method for apt

On Wed, 20 Mar 2002 20:45:49 +0100, Florian Weimer
<Weimer@CERT.Uni-Stuttgart.DE> wrote:
>I agree (but I doubt the commercial part), but reencrypting the same
>data over and over again is quite inefficient.  Furthermore, you don't
>know the actual source of the package, you have to trust the mirror.
>Signing packages themselves is a much better approach IMHO.

But https also allows the use of client certificates, which is quite
useful if you use the .deb format to distribute commercial software
that should only be downloaded by sites that paid for it.


-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: