Re: Debian mirrors and MITM

On 30/05/2014 21:30, Joey Hess wrote:
> Alfie John wrote:
>> Taking a look at the Debian mirror list, I see none serving over HTTPS:
>>   https://www.debian.org/mirror/list
> https://mirrors.kernel.org/debian is the only one I know of.
> It would be good to have a few more, because there are situations where
> debootstrap is used without debian-archive-keyring being available, and
> recent versions of debootstrap try to use https in that situation, to at
> least get the weak CA level of security.
Note that at least debian.org DNS is signed by DNSSEC and DANE is used,
which allows checking that the certificate used by a debian.org site is
the real one.

Attachment: signature.asc
Description: OpenPGP digital signature