Dear Freddy, Am Samstag, den 16.08.2014, 14:13 -0500 schrieb Freddy: > Package: apt > Version: 0.9.7.9+deb7u2 > > Currently, apt requires install of an additional package > apt-transport-https in order to use HTTPS > > Without it, I get errors like this if I use HTTPS it. > > E: The method driver /usr/lib/apt/methods/https could not be found. > E: The method driver /usr/lib/apt/methods/https could not be found. > E: The method driver /usr/lib/apt/methods/https could not be found. > > This is an important security bug for two reasons. Its irresponsible to > expose what packages a user has on their computers before they update. > An attacker could simply interrupt the package download and exploit a > *known* security hole before a user can upgrade their package. thank you for submitting the bug report! I experienced the same problem, only to figure out later that one of the Debian package repositories I had configured in `/etc/apt/sources.list*` was incorrectly configured, that means it wanted to do HTTPS although the line only had `http://` appended to it. Could you still reproduce the problem? If yes, could you please try to deactivate some of the mirrors and see if that helps? If it does, it’d be awesome if you closed this bug report. > However, its also important to deploy SSL *everywhere* and by default. Agreed! Hopefully more mirrors will provide that support in the future. Thanks, Paul
Attachment:
signature.asc
Description: This is a digitally signed message part