[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian mirrors and MITM

Hi guys,

Taking a look at the Debian mirror list, I see none serving over HTTPS:


The public Debian mirrors seem like an obvious target for governments to
MITM. I know that the MD5s are also published, but unless you're
verifying them with third parties, what's stopping the MD5s being
compromised too?

Is there any compelling reason why the public Debian mirrors aren't
served over HTTPS? If there isn't any, then further to this, is there
any reason why not to mandate all public Debian mirrors HTTPS-only?


  Alfie John

Reply to: