Re: SSL for debian.org/security?
On 30-10-2013 09:51, Celejar wrote:
> Maybe I'm missing something, but the security of the apt system has
> nothing to do with SSL - it uses GPG signatures. This discussion about
> SSL concerns the website, etc.
The point is server authentication. Without SSL anyone can simply hack
DNS or MITM and hide updates from somebody.
On 30-10-2013 00:27, Jonathan Spearman wrote:
> If I am not misunderstanding this. The object is to secure the site so
> it won't be hacked. Why is there this need to use TOR?
There is no need to use Tor. It just could be an option, and not the
only way. Free to choose.
Even if Debian choose to use only Tor for security updates, there are
ways to do it as transparent as it is right now.
> This is why Linux has a hard time
> being in the mainstream. Not because it's less secure or not like that
> other OS, but because you have people making the usage of it hard for a
> normal user to just get information and use the product.
> Some of you really need to stop watching the news and just enjoy the
> freedom that Linux brings.
I think the real problems are: inertia, fear, lack of games, lack of
documentation and tutorials on other languages. The last things that
will change the mind of a "normal user" are security and freedom. I
enjoy it, but most people just don't care.
Reply to: