Re: Debian mirrors and MITM
On Sat, May 31, 2014 at 12:32:59AM +1000, Alfie John wrote:
I'm definitely wanting to engage in serious discussion. I'm an avid
Debian user and am wanting to protect its users. This *is* the Debian
security mailing list after all right? All I was trying to do is ask
questions as to why it is currently not being HTTPS-enforced and I got
flamed for it.
Well, you haven't shown any sign of having studied the publically
available documentation or checked the public archives relating to the
design decisions. Yes it's the debian-security mailing list, but that
doesn't mean that it's scalable for debian to provide a personal
walkthrough of the entire package signing architecture for everyone who
sends an email to the list, does it?