Hans-Christoph Steiner <hans@at.or.at> writes: > I should add: apt-transport-tor is a great project to improve this situation as well that is probably more secure than HTTPS, but at a cost of probably much slower download speeds. Using an apt mirror with an onion address would entirely supplant HTTPS. > > So don't get me wrong, I don't think HTTPS is a great system, what I'm saying is that the current state of apt mirrors (HTTP and GPG signing) is not enough. HTTPS can help, especially when used with some kind of certificate/SPKI pinning. Tor can help too, especially when used with onion addresses. Are there any mirrors with a hidden service onion address? If so, I would like to know where! Are there any mirror operators out there who might be interested in adding a tor hidden service, but don't know how? If so, contact me, I'd be happy to help you set it up. micah
Attachment:
pgpq4LgC7AEwC.pgp
Description: PGP signature