On Fri, May 30, 2014 at 11:25:58PM +1000, Alfie John wrote:
Well yes, that's something. But serving Debian over HTTPS would prevent the need for this.
No, it wouldn't--you'd just have a different set of problems. Given that mirrors are distributed, it would probably be much more likely that you'd improperly rely on a compromised mirror simply because it's serving files via https.
Mike Stone -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1db1c630-e7fe-11e3-b616-00163eeb5...@msgid.mathom.us
