[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: No port 443 (https) available at "security.debian.org"-repository


> your repositories on "debian.org" (especially "http://security.debian.org/";
> !!) are not!

This has been brought up many times on many lists; please
see/search the archives in future.

The files are cryptographically signed which guarantees
they haven't been tampered with in transit (modulo replay
attacks which are handled in a different way).

The only thing adopting might provide would be some quasi-
anonymity with regards to which packages you are downloading
but even that is doubtful since the package sizes themselves
are very revealing.

In short, there's no need for SSL. Please see
<https://wiki.debian.org/SecureApt> for the technical details.


     : :'  :     Chris Lamb, Debian Project Leader
     `. `'`      lamby@debian.org / chris-lamb.co.uk

Reply to: