Re: Encrypted repos (https/ftps)
-----BEGIN PGP SIGNED MESSAGE-----
I wonder a bit, i currently see not the single downloads only the
complete download of all files when using https.
Does this doesn't matter? Or better said: Is it still possible that it
leaks the single file sizes like that?
And if it leaks the file sizes how easy/hard is this to know the actual
file names which have been downloaded?
On 18.10.2014 22:01, Kurt Roeckx wrote:
> On Fri, Oct 10, 2014 at 09:59:03PM +0200, Axel Beckert wrote:
>> Hi Kurt,
>> Kurt Roeckx wrote:
>>>> The issue is that our ISPs can see the names of the packages that we
>>>> download, and i don't think anybody needs to see that. With encrypted
>>>> connections this issue would be solved.
>>> Encrypting it will not solve that. It will only make it slightly
>> In don't why that should make it only slightly harder. Please explain.
> Because it leaks things like the size of all the packages you're
> downloading. apt doesn't do pipelining.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----