On Fri, Jan 31, 2020 at 07:21:40PM +0100, Jan Danielsson wrote:
> On 2020-01-31 08:49, yarl-bau...@mailoo.org wrote:
> > Please Maya and Mr Billquist, can you be more specific about how it is
> > insecure?
>
> There are different domains to consider.
>
> *Assuming you can trust the build environment (which includes the
> signing process)*, and assuming that you can trust the underlying crypto:
>
> - HTTPS protects the connection between you and the server (assuming
> server authentication, and not just encryption). So if you trust the
> remote server, your client, and the HTTPS implementation, then HTTPS is
> sufficient for the entire chain.
Not really; for this to be true you have to trust the build process, the
way the binary package is uploaded to the http server and the http server
itself. With signed binary pkg you only need to trust the build process.
In a world where there are multiple sources under different administrative
domains for the same file, this is important.

--
Manuel Bouyer <bou...@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--
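The trust-domain argument above, as an added example that is not part of this thread: a Go model of a signed binary package published by a build environment and fetched through a mirror in another administrative domain. The build key, the package bytes and the mirror's behaviour are constructed; the point is that the install-time signature check depends only on the build key, not on which server or transport delivered the bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedPackage: the archive plus a detached signature over its SHA-256 digest.
type SignedPackage struct {
	Archive   []byte
	Signature []byte
}

// buildAndSign runs inside the trusted build environment, the only domain the
// signed-package model still requires you to trust.
func buildAndSign(priv ed25519.PrivateKey, archive []byte) SignedPackage {
	d := sha256.Sum256(archive)
	return SignedPackage{Archive: archive, Signature: ed25519.Sign(priv, d[:])}
}

// mirror models a download server in another administrative domain. HTTPS only
// proves you reached this mirror, not that it left the bytes untouched.
func mirror(pkg SignedPackage, tampered bool) SignedPackage {
	if !tampered {
		return pkg
	}
	altered := append([]byte(nil), pkg.Archive...)
	altered = append(altered, " (constructed: altered on the mirror)"...)
	return SignedPackage{Archive: altered, Signature: pkg.Signature}
}

// verify is the install-time check against the pinned build public key; it
// does not depend on which mirror or transport delivered the package.
func verify(pub ed25519.PublicKey, pkg SignedPackage) bool {
	d := sha256.Sum256(pkg.Archive)
	return ed25519.Verify(pub, d[:], pkg.Signature)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pkg := buildAndSign(priv, []byte("constructed package archive, v1.0"))
	fmt.Println("honest mirror accepted:", verify(pub, mirror(pkg, false)))   // true
	fmt.Println("tampering mirror accepted:", verify(pub, mirror(pkg, true))) // false
}
```

An HTTPS-only client has no equivalent of verify: once the TLS session to the mirror is authenticated it accepts whatever that mirror serves, which is why the upload path and the server itself join the set of things you must trust.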