[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian mirrors and MITM

I have to laugh at this, my phone was going off constantly this morning,
and I was thinking "I don't have this much email normally!"  Looked over
the discussion and thought, "didn't this discussion happen recently?"  

It was something I was randomly thinking about one day too, but really
plain-text over http isn't really what's happening anyhow, and if you
want to change it, change it to ftp transport, not many people trying to
look there!  (yes that bit is a joke, but still, I don't think HTTPS
would really help a whole lot, except as someone else mentioned, you may
be able to see the packages being installed without it.)

On Fri, 2014-05-30 at 15:26 +0200, Estelmann, Christian wrote:
> Yes, but I think this time it will not be better...
> Some (most?) mirrors are supporting https. If you want to use https just try which mirrors are supporting it.
> ftp.us.d.o will not work very good because of the DNS round robin.
> On 30. Mai 2014 15:16:29 MESZ, Alfie John <alfiej@fastmail.fm> wrote:
> >On Fri, May 30, 2014, at 11:03 PM, Estelmann, Christian wrote:
> >> In Oct 2013 a similar discussion startet
> >> https://lists.debian.org/debian-security/2013/10/msg00027.html
> >
> >Thanks for the link, but that discussion went nowhere pretty fast.
> >
> >Alfie

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: