On Sunday, May 8, 2022, Hiltjo Posthuma <hil...@codemadness.org> wrote:
> > > The actual HTTP data sent (not just the package data itself) is not > immediately > visible, filterable or changed by a MiTM. They also cannot easily see which > packages are installed or filter errata's, right? > > -- > Kind regards, > Hiltjo > > There is a good presentation on that, presented to me a while back when I questioned full https on pkg_add. But basically, https does not solve confidentiality and MiTM is avoided by using checksum and signify. -- Atenciosamente, Fabio Martins (+5521) 97914-8106 (Signal) https://www.linkedin.com/in/fabio1337br/