I don't think certificates are necessary here: we could permit any https
without any certificate checking, and still have an improvement, with no
additional dangers over using http. For example, you would remain
vulnerable to DNS spoofing or man-in-the-middle problems, but you would
not be subject to the exposure of secret information in packages. (There
are plenty of cases where a link is sniffable but not pwnable.)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler-enlist in Ubuntu.
https://bugs.launchpad.net/bugs/833994

Title:
  debian-installer does not support https when using with preseed files

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cobbler-enlist/+bug/833994/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Reply via email to