Way to make assumptions, Trent. I can't control the fact that some repositories are SSL only. That's out of my control. Choosing not to use software just because the authors believe in SSL-everywhere would be ridiculous. Even though I agree, it's not adding any actual security.
-Toby

On Thu, 18 Jun 2015 at 11:36 Trent W. Buck <[email protected]> wrote:

> Toby Corkindale <[email protected]> writes:
>
> > I know I can use acquire::http::proxy in apt.conf.d to set a proxy server,
> > but this seems to make it used for both HTTPS and HTTP traffic -- however I
> > only want to use it for HTTP traffic.
>
> Probably not helpful, but:
>
> Just don't use TLS for apt repos?
>
> What's the threat model that you're trying to address by using
> apt-transport-https?
>
> apt's "is this package haxxed?" relies entirely on the Release file
> being signed by a GPG key in apt-key's keyring (plus a chain of
> md5/sha1/sha2-sums). So AFAICT the only gain from TLS is the ability to
> conceal (from your ISP) which packages you've downloaded.
> What am I missing?
_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
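
The checksum chain the quoted message describes (signed Release file, then Packages index, then the .deb), as an added example that is not part of the original thread. It checks SHA256 only, assumes the signature on the Release file was already verified against the apt keyring (for example by gpgv), and every file name and content in it is constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_release(text):
    """Return {path: (sha256, size)} from the SHA256 section of a Release file."""
    entries, in_section = {}, False
    for line in text.splitlines():
        if line.startswith(" ") and in_section:
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:  # any unindented line ends the section unless it opens it
            in_section = line.strip() == "SHA256:"
    return entries

def parse_packages(text):
    """Return {Filename: (sha256, size)} from a Packages index."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        index[fields["Filename"]] = (fields["SHA256"], int(fields["Size"]))
    return index

def matches(data, expected):
    digest, size = expected
    return len(data) == size and sha256(data) == digest

def verify_deb(release_text, index_path, index_bytes, deb_path, deb_bytes):
    """Walk Release -> Packages -> .deb; release_text is assumed signature-checked."""
    listed = parse_release(release_text).get(index_path)
    if listed is None or not matches(index_bytes, listed):
        return False  # index is not the one the signed Release vouches for
    entry = parse_packages(index_bytes.decode()).get(deb_path)
    return entry is not None and matches(deb_bytes, entry)

# Constructed sample repository (not real package data)
DEB_PATH = "pool/main/h/hello/hello_1.0_amd64.deb"
INDEX_PATH = "main/binary-amd64/Packages"
DEB = b"constructed .deb contents"
PACKAGES = (f"Package: hello\nVersion: 1.0\nFilename: {DEB_PATH}\n"
            f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n").encode()
RELEASE = (f"Origin: Example\nSuite: stable\nSHA256:\n"
           f" {sha256(PACKAGES)} {len(PACKAGES)} {INDEX_PATH}\n")

if __name__ == "__main__":
    print(verify_deb(RELEASE, INDEX_PATH, PACKAGES, DEB_PATH, DEB))
    print(verify_deb(RELEASE, INDEX_PATH, PACKAGES, DEB_PATH, DEB + b"!"))
```

A .deb or Packages file altered in transit, whether fetched over plain HTTP or through a proxy, fails one of the two comparisons, because neither hash can be changed without invalidating the signed Release file.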
