Re: Q: Use https for {deb,security}.debian.org by default
On Fri, 2021-08-20 at 12:11 -0700, Russ Allbery wrote:
> The way I would put it is that the security benefit of using TLS for apt
> updates is primarily that it makes certain classes of attempts to mess
> with the update channel more noisy and more likely to produce immediate
> errors.
APT is not the only way to download packages: often enough users (and
developers) will ignore apt, download packages manually for various
reasons, *not* do the integrity checks apt does and install them.
Using https:// URLs for mirrors wherever possible makes this a bit less
bad.
Ansgar
Reply to:
- References:
- Q: Use https for {deb,security}.debian.org by default
- From: Hideki Yamane <henrich@iijmio-mail.jp>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Simon Richter <sjr@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Kyle Edwards <kyle.edwards@kitware.com>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Bjørn Mork <bjorn@mork.no>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Russ Allbery <rra@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Jeremy Stanley <fungi@yuggoth.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Russ Allbery <rra@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Paul Gevers <elbrus@debian.org>
- Re: Q: Use https for {deb,security}.debian.org by default
- From: Russ Allbery <rra@debian.org>