[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS enabled Debian Security repository

林博仁 wrote...

> I believe that there's no benefit on accessing Debian archive with HTTPS as
> they uses GnuPG for authentication

GnuPG indeed serves the purposes of authenticity and integrity very
well. Modulo bugs every now and then, but they happen on other layers as

Also, nobody should rely on the privacy in this case since the server
content is public and the clients have a fairly simple access pattern.
Decoding the transfers from this isn't trival but seems doable with some
effort - one day I'll write a prove of concept for this.

There is however a reason for https, a sad one though: Braindead
"security" applicances that do deep packet inspection and might reject
the download of packages.


Attachment: signature.asc
Description: Digital signature

Reply to: