Re: apt config options to specify the CA of the https repository?

To: debian-user@lists.debian.org
Subject: Re: apt config options to specify the CA of the https repository?
From: Vincent Lefevre <vincent@vinc17.net>
Date: Sun, 21 Sep 2025 19:09:54 +0200
Message-id: <[🔎] 20250921170954.GA215607@joooj.vinc17.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] CAH8yC8nwozem7-02CTq_v2C0wbtwTiPk3VBeStUC2WyznR1Fhw@mail.gmail.com>
References: <[🔎] AS8PR01MB7462042C1B6C2FF7E4DDA39F8511A@AS8PR01MB7462.eurprd01.prod.exchangelabs.com> <[🔎] CAH8yC8nwozem7-02CTq_v2C0wbtwTiPk3VBeStUC2WyznR1Fhw@mail.gmail.com>

On 2025-09-19 14:27:59 -0400, Jeffrey Walton wrote:
> The list of MD5 sums of each package is signed, so their authenticity
> can be verified using the signature.  See
> <https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html>.

The authenticity is not the only requirement for security. You also
need to have a way to ensure that the packages are up-to-date.

With HTTP, connections can be redirected to a repository with
obsolete, vulnerable packages.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: apt config options to specify the CA of the https repository?
  - From: Michael Stone <mstone@debian.org>

References:
- apt config options to specify the CA of the https repository?
  - From: Harald Dunkel <harald.dunkel@aixigo.com>
- Re: apt config options to specify the CA of the https repository?
  - From: Jeffrey Walton <noloader@gmail.com>

Prev by Date: Re: Help with my question, please.
Next by Date: Re: apt config options to specify the CA of the https repository?
Previous by thread: Re: apt config options to specify the CA of the https repository?
Next by thread: Re: apt config options to specify the CA of the https repository?
Index(es):
- Date
- Thread