[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: people.debian.org will move from ravel to paradis and become HTTPS only

On Sun, Jul 20, 2014 at 10:38:23AM +0200, Matthias Urlichs wrote:
> > Pervasive monitoring.
> In and of itself, if you only access publicly-availble files, that's not a
> threat.

1 Security service has unknown exploit.
2 Pervasive monitoring sees you install a package from somewhere over HTTP.
3 Attack is automated in a targeted fashion.

I don't see that this is beyond the realm of possibility. This is really
only a reason for having HTTPS as default, not excluding those who can't use
HTTPS for legal, technical or other reasons.


e: irl@fsfe.org            w: iain.learmonth.me
x: irl@jabber.fsfe.org     t: +447875886930
c: MM6MVQ                  g: IO87we
p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49

Attachment: pgpYIdf8ICA2V.pgp
Description: PGP signature

Reply to: