[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: concrete steps for improving apt downloading security and privacy

On Sat, Jul 05, 2014 at 08:54:55AM +0900, Joel Rees wrote:
And you know, the funny thing is that MSIE took to "warning" people
when there was a mix of encrypted and unencrypted data on a page. How
long ago? Yeah, I know, it was so they could display that red herring
of a lock for "secured pages".

You don't need a warning when you are looking at un-encrypted data.
You only need a warning if you are _sending_ un-encrypted data.

This kind of threat analysis is why so many of us are still skeptical of the need for HTTPS package mirrors.

Mike Stone

Reply to: