[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Encrypted repos (https/ftps)

> > Encrypting it will not solve that.  It will only make it slightly
> > harder.
> In don't why that should make it only slightly harder. Please explain.

Kurt Roeckx wrote:
Because it leaks things like the size of all the packages you're
downloading.  apt doesn't do pipelining.

On 20.10.14 12:12, Axel Beckert wrote:
Ok, so it's not as much helpful now as it could be, but may become
more useful in the future.

I still do not get the point.

The packages are signed and that should be enough for verification.
Do you need to hide the fact you are updating debian?
(usually you should hide the fact you are _not_ updating it)

since mirrors are run by 3rd parties (e.g. me), it's not so easy to
exchange and sign SSL keys...

Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.

Reply to: