Re: [2016] client-side signature checking of Debian archives (Re: When should we https our mirrors?)

2023-06-01 Thread Andrey Rakhmatullin
On Thu, Jun 01, 2023 at 07:07:04AM -0400, Michael Lazin wrote:
> I realize it is work but it would be good if apt had an option for https.

It does.

> You can still update with FTP mirrors. Wouldn't it be a good idea to allow
> using https and keep http as a fall back for those who need an http

Re: [2016] client-side signature checking of Debian archives (Re: When should we https our mirrors?)

2023-06-01 Thread Michael Lazin
I realize it is work but it would be good if apt had an option for https. You can still update with FTP mirrors. Wouldn't it be a good idea to allow using https and keep http as a fall back for those who need an http mirror?

Thank you,
Michael Lazin

..
For thinking and being are the same.

Re: [2016] client-side signature checking of Debian archives (Re: When should we https our mirrors?)

2023-06-01 Thread James Addison
On Thu, Jun 1, 2023, 02:08 Simon Richter wrote:
>
> The reason for the change is that it reduces user confusion. Users are
> learning that unencrypted HTTP has neither integrity nor
> confidentiality, and that they should actively check that web sites use
> HTTPS, so we have gotten several

Re: [2016] client-side signature checking of Debian archives (Re: When should we https our mirrors?)

2023-05-31 Thread Simon Richter
Hi,

- when you use switches, the local network segment has no other nodes
- if there were other nodes, they would likely miss some packets in the conversation, which means they cannot generate checksums
- there is no software that can perform this inspection

Yep, there are

Re: [2016] client-side signature checking of Debian archives (Re: When should we https our mirrors?)

2023-05-31 Thread James Addison
Hi Simon - thanks for the response. Please find my reply inline below:

On Wed, 31 May 2023 at 11:07, Simon Richter wrote:
>
> On 5/31/23 05:42, James Addison wrote:
>
> > * It allows other devices on the local network segment to inspect the
> > content that other nodes are sending and

Re: [2016] client-side signature checking of Debian archives (Re: When should we https our mirrors?)

2023-05-31 Thread Simon Richter
Hi,

On 5/31/23 05:42, James Addison wrote:
* It allows other devices on the local network segment to inspect the content that other nodes are sending and receiving.

That is very theoretical:
- when you use switches, the local network segment has no other nodes
- if there were

Re: [2016] client-side signature checking of Debian archives (Re: When should we https our mirrors?)

2023-05-30 Thread James Addison
In follow-up to: https://lists.debian.org/debian-devel/2016/10/msg00592.html

As an update here: the default recommendation in the Debian release notes now recommends[1] HTTPS instead of HTTP by default. Despite the validity of many of the theoretical concerns about APT over HTTP, I reckon that