Re: Debian mirrors and MITM

On Fri, May 30, 2014, at 11:17 PM, Reid Sutherland wrote:
> > As I posted earlier, all you would need to do is to MITM the
> > install of APT during an install. Who cares what the signatures look
> > like since you've NOPed the checksumming code!
> So OpenSSL can be flawed and nobody bats an eye, APT uses GnuPG and
> everyone (this guy) loses their mind?

Strawman much? What does bringing up OpenSSL have to do with
Debian mirrors being MITM?


  Alfie John

