On Fri, May 30, 2014 at 10:06:06AM -0400, micah anderson wrote: > Now I don't want to call into question the esteemed authors of said > program, and depending libraries, but I do think that providing https > mirrors gives us two distinct advantages over plain http: > > . in the case that there is a bug in apt, or gpg, or something > else, having https would provide at minimum a minor set of > defense against bulk, non-targeted quantum insert and foxacid > attacks, not to mention MiTM compromises from a hostile local > network
Heh. Because SSL/TLS libraries are so impenetrable and secure? :D
signature.asc
Description: Digital signature
