Ivan Shmakov <i...@siamics.net> writes: > My understanding is that the suggestion being discussed is to > use TLS /alongside/ the usual Debian/APT signatures – not > instead of them; and the primary goal is to improve user’s > privacy. That is: only the mirror operator will remain > empowered to know the packages the user’s interested in.
While I have no objections to using TLS for Debian mirrors, it's worth not overstating the benefits here. Package retrieval from a public mirror is susceptible to traffic analysis. You can make some pretty good guesses from the size of the object downloaded, particularly if you can watch over time and see what happens when updated packages are released. Of course, it's much harder than just passively reading the HTTP GET commands. It probably requires someone write code to map object sizes to possible packages. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>