On 30/05/2014 21:30, Joey Hess wrote:
> Alfie John wrote:
>> Taking a look at the Debian mirror list, I see none serving over HTTPS:
>>
>> https://www.debian.org/mirror/list
> https://mirrors.kernel.org/debian is the only one I know of.
>
> It would be good to have a few more, because there are situations where
> debootstrap is used without debian-archive-keyring being available, and
> recent versions of debootstrap try to use https in that situation, to at
> least get the weak CA level of security.
>
Note that at least debian.org DNS is signed by DNSSEC and DANE is used, which allows checking that the certificate used by a debian.org site is the real one.
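
The DANE check mentioned in the message above, as an added example that is not part of the original thread: the RFC 6698 comparison of a TLSA record against the certificate a server presents. It assumes the TLSA RDATA has already been fetched and DNSSEC-validated by the resolver; all function names are hypothetical and the sample certificate is a constructed DER skeleton, not a real one.

```python
import hashlib
import hmac

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_der(cert):
    """Slice the SubjectPublicKeyInfo element out of a DER X.509 certificate."""
    _, tbs_pos, _ = read_tlv(cert, 0)     # outer Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, tbs_pos)   # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                       # optional explicit [0] version
        pos = end
    for _field in range(5):               # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    _, _, end = read_tlv(cert, pos)
    return cert[pos:end]

DIGESTS = {0: lambda b: b, 1: lambda b: hashlib.sha256(b).digest(),
           2: lambda b: hashlib.sha512(b).digest()}

def tlsa_matches(rdata, cert):
    """Compare TLSA RDATA (usage, selector, matching type, data) with a certificate."""
    # rdata[0] (certificate usage) decides whether PKIX path validation is also
    # required; that step is outside this example.
    selector, mtype, assoc = rdata[1], rdata[2], rdata[3:]
    if selector not in (0, 1) or mtype not in DIGESTS:
        return False                      # unknown parameters: record is unusable
    selected = cert if selector == 0 else spki_der(cert)
    return hmac.compare_digest(DIGESTS[mtype](selected), assoc)

def tlv(tag, body):                       # short-form DER encoder for the sample only
    return bytes([tag, len(body)]) + body

def sample_cert(key):
    """Constructed DER skeleton with the X.509 field layout; returns (cert, spki)."""
    empty = tlv(0x30, b"")
    spki = tlv(0x30, empty + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + empty * 4 + spki)
    return tlv(0x30, tbs + empty + tlv(0x03, b"\x00")), spki
```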