On Wed, 30 Oct 2013 10:34:15 -0200 Djones Boni <[email protected]> wrote:
> On 30-10-2013 09:51, Celejar wrote: > > Maybe I'm missing something, but the security of the apt system has > > nothing to do with SSL - it uses GPG signatures. This discussion about > > SSL concerns the website, etc. > The point is server authentication. Without SSL anyone can simply hack > DNS or MITM and hide updates from somebody. You're snipping crucial context; my comment above was in response to this: > For apt-get a self-signed certificate could be used which comes together > with Debian. No CA required. This is both simpler and safer. I was pointing out that this comment makes no sense in the context of apt-get. It sounds like you're referring to the website or email system. Celejar -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
