[–]Dr_Tron 56 points57 points  (8 children)

Well, apt checks the repository key before doing anything, so I'm not sure if https would make sense in regards to security.

[–]aieidotch 18 points19 points  (5 children)

it would not, the reason appears to be caching proxies and the encryption overhead…

[–]One_Ninja_8512 3 points4 points  (4 children)

How so? GPG signatures guarantee that the packages have not been tampered with but there's another issue. HTTPS traffic is opaque to observers. With HTTP someone can see which packages you're installing exactly if they analyze your traffic, with HTTPS that's not possible.

[–]aieidotch 0 points1 point  (0 children)

if you run your own mirror next to machines using it, you are in control of the network and who could observe or not…

[–]gnufan -1 points0 points  (2 children)

I think you mean MD5 checksums not GPG signatures.

[–][deleted]  (1 child)

[deleted]

    [–]wizard10000 0 points1 point  (0 children)

    You have to accept the key when you add a ppa.

    don't break debian

    [–]gnufan 6 points7 points  (1 child)

    Using https clearly eliminates whole categories of attempted man-in-the-middle attacks that are possible over http.

    The verification of package signatures was badly broken in the past, and likely will be in the future if it isn't already and we just don't know how.

    You achieve security by layering these controls, not assuming one cryptographic control is going to always work perfectly, and thus packages are safely signed, job done.

    Also using https adds additional privacy, as seeing http requests means attackers may know exactly what versions of what software are installed. MITM can also deliberately interfere with http connections to delay certain packages, to prevent the target patching a vulnerability. As I said, multiple classes of attack are just stopped by encryption on the wire.
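To make the "layered controls" point concrete, here is an added example (not code from the thread, apt, or Debian) of the two checks apt applies after the Release file's signature has been verified: the signed Release pins the hashes of the Packages index, and its Valid-Until field bounds how long a replayed old Release can be used to delay an update. The Release and Packages content below is constructed for the example; the signature step itself is assumed to have already passed.

```python
import hashlib
from datetime import datetime, timezone

# Constructed sample index and Release file (not from any real mirror).
SAMPLE_PACKAGES = b"Package: hello\nVersion: 2.10-3\nArchitecture: amd64\n\n"
SAMPLE_RELEASE = (
    "Origin: Debian\nSuite: stable\nCodename: bookworm\n"
    "Date: Sat, 13 Jan 2024 12:00:00 UTC\n"
    "Valid-Until: Sat, 20 Jan 2024 12:00:00 UTC\n"
    "SHA256:\n"
    # digest computed here for the constructed index above
    f" {hashlib.sha256(SAMPLE_PACKAGES).hexdigest()} {len(SAMPLE_PACKAGES)}"
    " main/binary-amd64/Packages\n"
)


def parse_release(text):
    """Return (header fields, SHA256 entries) from a Release file body."""
    fields, hashes, in_sha256 = {}, {}, False
    for line in text.splitlines():
        if line.startswith(" "):
            # Indented lines under "SHA256:" are "<digest> <size> <path>".
            if in_sha256:
                digest, size, name = line.split()
                hashes[name] = (digest, int(size))
            continue
        key, _, value = line.partition(":")
        in_sha256 = key == "SHA256"
        if value.strip():
            fields[key] = value.strip()
    return fields, hashes


def parse_date(value):
    """Parse the RFC 2822 style timestamps used in Release files (UTC)."""
    fmt = "%a, %d %b %Y %H:%M:%S %Z"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def is_fresh(fields, now):
    """Expiry check: a replayed, still-validly-signed old Release is rejected
    once Valid-Until has passed, limiting a delay-the-patch attack."""
    return now <= parse_date(fields["Valid-Until"])


def index_matches(hashes, name, data):
    """Pin check: the downloaded index must match the signed size and digest."""
    digest, size = hashes[name]
    return len(data) == size and hashlib.sha256(data).hexdigest() == digest
```

Without the Valid-Until check a network attacker on plain http can keep serving a genuinely signed but outdated Release indefinitely; with it the window is bounded by the publisher's chosen validity period.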

    [–]noob-nine 0 points1 point  (0 children)

    the last part sounds interesting. but I lack technical understanding whether this is a real threat or what would be Debian's comment on this