On Fri, May 30, 2014, at 11:29 PM, Michael Stone wrote: > On Fri, May 30, 2014 at 11:25:58PM +1000, Alfie John wrote: > >Well yes, that's something. But serving Debian over HTTPS would prevent > >the need for this. > > No, it wouldn't--you'd just have a different set of problems. Given that > mirrors are distributed, it would probably be much more likely that > you'd improperly rely on a compromised mirror simply because it's > serving files via https.
If the fingerprints where on a canonical Debian server (aka non-mirror) being served over HTTPS, then I would be happy with that too. Alfie -- Alfie John alf...@fastmail.fm -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1401456752.11334.123293437.379eb...@webmail.messagingengine.com
