
Re: DOH (was: geolocation services disabled and Gnome maps)



On Tue, Apr 14, 2020 at 07:12:47PM -0400, Lee wrote:
> On 4/14/20, Greg Wooledge <wooledg@eeg.ccf.org> wrote:
> > Accessing the mirrors via https makes the packages un-cacheable, which
> > makes the traffic volume significantly greater -- and the package lists
> > are already signed, so there's no gain in trustworthiness of the packages.
> >
> > Some people may cite "privacy", as in "I don't want them to know which
> > window manager I use", or something... I do not understand this
> > argument, frankly.  It sounds paranoid to me.
> 
> How about people that cite "security"?  And yes, I take the simplistic
> approach that encrypted=good and clear-text=bad but clear-text allows
> things like
>   https://www.guardicore.com/2019/01/a-vulnerability-in-debians-apt-allows-for-easy-lateral-movement-in-data-centers
> 
> my understanding is that vuln wouldn't have existed if https had been used.

That was a one-time bug, and was fixed quickly.  People have blown it
way out of proportion.

The general answer for people who think "it's not https so it's not secure"
is already given at <https://whydoesaptnotusehttps.com/>.

