[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

HTTPS needs to be implemented for updating



I know Micah Lee has been making the case for HTTPS connections for some time. Why can't Debian make this happen? This bug makes clear that relying on validating signatures is not foolproof 100% of the time and that additional layers of protection should be in place to try to mitigate weaknesses (even temporary ones).  

What with Let's Encrypt now active, there is no excuse to not move everything to HTTPS for updating.

https://www.debian.org/security/2016/dsa-3733


Reply to: