Bug#725092: HTTPS should be supported on www.debian.org
It would useful to have HTTPS because of the wide spread mass surveillance
https://en.wikipedia.org/wiki/2013_mass_surveillance_disclosures#.22Mastering_the_Internet.22
https://en.wikipedia.org/wiki/Bullrun_%28code_name%29
> ** Tue, 01 Oct 2013 14:26:53 +0200 - 725092@bugs.debian.org, "Gerfried Fuchs" <rhonda@deb.at> **
>
> HTTPS makes MiTM attacks harder. There is important information
> on www.debian.org which should be protected against modification.
> For example GPG fingerprints: http://www.debian.org/CD/verify
>
> Of course GPG keys should be checked using Web of Trust, but
> HTTPS could be the first layer of protection. From the user
> point of view it's automatic and transparent.
>
> keyring.debian.org doesn't support HTTPS ...
>
>
> > ** Tue, 1 Oct 2013 13:59:28 +0200 - 725092@bugs.debian.org, "Gerfried Fuchs" <rhonda@deb.at> **
> >
> > * milan.kral <milan.kral@azet.sk> [2013-10-01 13:34:05 CEST]:
> > > www.debian.org is important main Debian web page, but it doesn't
> > > support https. Could it be possible to enable HTTPS? For example
> > > lists.debian.org, wiki.debian.org support HTTPS.
> >
> > Because on lists.debian.org you have subscribe information, handing
> > over email addresses that you might not want to get eavesdropped, and on
> > wiki you have login information that you clearly don't want to have go
> > unencrypted over the wire.
> >
> > What information you consider exchanging with www.debian.org that you
> > consider sensitive and needing https? "Because we can" doesn't sound
> > very convincing to me. :)
> >
> > Enjoy!
> > Rhonda
> > --
> > Fühlst du dich mutlos, fass endlich Mut, los |
> > Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden
> > Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang
> > Fühlst du dich haltlos, such Halt und lass los |
Reply to: