On Fri, Jul 4, 2014 at 11:44 AM, Hans-Christoph Steiner <h...@at.or.at> wrote: > > [rhetoric encouraging the use of TLS transport for mirrors] > [list of current https mirrors]
Far be it from me to argue with ucalgary.ca, but one thing that bothers me about using TLS as a download transport is that, if I were the spooks, and I wanted a huge sample of crypts from a known plaintext, I could think of worse ways to go than to get the opensource crowd to provide them for me. I mean, yeah, they probably have the resources to simulate the debian download infrastructure in their internal server farms, but why do their work for them and free their resources up for other jobs? Especially when the only real advantage of using TLS download transport is (the illusion of) being able to download what you want without "them" knowing exactly what you downloaded. -- Joel Rees Be careful where you see conspiracy. Look first in your own heart. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAAr43iOTxVcCGyh5+d4VA43279Np6cKm9=4sq-wl0a1v8j5...@mail.gmail.com
