[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian mirrors and MITM

On Fri, May 30, 2014, at 11:24 PM, Michael Stone wrote:
> On Fri, May 30, 2014 at 11:13:31PM +1000, Alfie John wrote:
> >As what I posted earlier, all you would need to do is to MITM the
> >install of APT during an install. Who cares what the signatures look
> >like since you've NOPed the checksumming code!
> That's why you verify the initial install media per the link I posted 
> earlier...

Well yes, that's something. But serving Debian over HTTPS would prevent
the need for this.


  Alfie John

Reply to: