On 02.04.2014 19:01, Daniel Micay wrote:
> On 02/04/14 01:00 PM, Daniel Micay wrote:
>> On 02/04/14 12:47 PM, Nowaker wrote:
>>>> There may be a transparent proxy in your routing chain that strips
>>>> compression in order to run a virus scan.
>>> Time for SSL-securing Arch Linux repos to prevent any sort of
>>> man-in-the-middle attacks? Even such trivial things as compression
>>> stripping, or image optimization often performed by mobile internet
>>> providers is a man-in-the-middle. This should be fought by any means.
>> Packages are already signed, and pacman has support for signing the
>> repositories. Using TLS for repositories is close to useless because the
>> mirrors are not *really* trusted entities, and the CA system is a broken
>> alternative to the solid archlinux-keyring package.
> We aren't actually signing the sync databases yet, but should be. Even
> if it means using a low-trust key on the servers, it would need to be
> treated differently than the package signing keys if it was a lower
> trust level though, because it shouldn't be able to sign packages.

Maybe require all certificates used for package signing to have the "codeSigning" capability? The database certificate won't have that flag.
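
The key separation discussed in this thread, as an added example that is not part of the original messages and is not pacman's code: a verifier that accepts a signature only if the key is also authorised for that kind of artifact. The key names, usage labels and sample data are assumptions, and HMAC-SHA256 stands in for an OpenPGP signature so the block runs with the standard library alone.

```python
import hashlib
import hmac

# Constructed keyring: each key lists the artifact kinds it may sign.
# HMAC-SHA256 is a stand-in for a real OpenPGP signature (assumption).
KEYRING = {
    "packager-key": {"secret": b"constructed-packager-secret", "usage": {"package"}},
    "mirror-db-key": {"secret": b"constructed-db-secret", "usage": {"database"}},
}


def sign(key_id, data):
    """Produce the stand-in signature for data under the named key."""
    return hmac.new(KEYRING[key_id]["secret"], data, hashlib.sha256).digest()


def verify(kind, data, signature, key_id):
    """Return (accepted, reason). A valid signature alone is not enough:
    the signing key must also be authorised for this kind of artifact."""
    key = KEYRING.get(key_id)
    if key is None:
        return False, "unknown key"
    expected = hmac.new(key["secret"], data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    if kind not in key["usage"]:
        return False, "key not authorised for " + kind
    return True, "ok"


def demo():
    db = b"core.db contents (constructed)"
    pkg = b"example-1.0-1 package contents (constructed)"
    return [
        # Low-trust server key signing the sync database: accepted.
        verify("database", db, sign("mirror-db-key", db), "mirror-db-key"),
        # Packager key signing a package: accepted.
        verify("package", pkg, sign("packager-key", pkg), "packager-key"),
        # Server key signing a package: signature is valid, usage is not.
        verify("package", pkg, sign("mirror-db-key", pkg), "mirror-db-key"),
        # Database modified after signing: rejected before the usage check.
        verify("database", db + b"x", sign("mirror-db-key", db), "mirror-db-key"),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```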
