[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSL for debian.org/security?

On Wed, 30 Oct 2013 10:34:15 -0200
Djones Boni <07ea86bb4e@gmail.com> wrote:

> On 30-10-2013 09:51, Celejar wrote:
> > Maybe I'm missing something, but the security of the apt system has
> > nothing to do with SSL - it uses GPG signatures. This discussion about
> > SSL concerns the website, etc.

> The point is server authentication. Without SSL anyone can simply hack
> DNS or MITM and hide updates from somebody.

You're snipping crucial context; my comment above was in response to this:

> For apt-get a self-signed certificate could be used which comes together
> with Debian. No CA required. This is both simpler and safer.

I was pointing out that this comment makes no sense in the context of
apt-get. It sounds like you're referring to the website or email system.

Celejar
Reply to: