[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: client-side signature checking of Debian archives

Paul Wise <pabs@debian.org> writes:
> On Mon, Oct 24, 2016 at 7:21 AM, Kristian Erik Hermansen wrote:

>> The point is to improve privacy.

> Better privacy than https can be had using Tor:

> https://onion.debian.org/

Yeah, but this is *way* harder than just using TLS.  You get much of the
benefit by using TLS, and Tor comes with a variety of mildly problematic
side effects (speed issues, rather more complicated to set up and keep
going for the average person, the fact that sadly Tor is also pretty
widely used for malicious activity so you have to be a bit cautious in
*how* you use it, etc.).  By comparison, the work for TLS is all on the
project's part, and then the end user just gets the benefit for nearly

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: