Le 16/06/2016 18:18, Dan Purgert a écrit : 1)
So, the fact that HTTPS doesn't ~actually~ provide you with any security when a "malicious party" has root accesss to the webserver,
AND that it adds overhead to the transmission
Does it really add network overhead of just CPU overhead on the server ? 2)
Given that "debian" is the "well-trusted" party in this instance, their providing of both - their public signing key, AND - the *.iso MD5 and/or SHA checksum(s) on a HTTPS-secured webpage will suffice the conditions of "creating trust" for most people.
1) and 2) sound contradictory to me.