On 03/14/2017 12:03 AM, InfusingPrivacy wrote:
> As part of my exploration of Qubes, I took a look inside yum.repos.d and I 
> noticed that there were quite a few repos that used http. Most are default 
> Fedora repos, but some are Qubes repos, which raised a question of curiosity 
> (primarily for discussion):
>
> Would it be helpful if certain Qubes repos used HTTPS? Why or why not?
>
> I'm not going to claim to know all of the details and I don't wish to dictate 
> what Qubes devs should do, but I guess my question is more of the tone: (if it 
> helps and if it is not much of a hassle, why not? HTTPS should be more secure 
> than HTTP)
>
> My only guess as to why not would be: the GPG keys are sufficient?


GPG is sufficient for verification, although using HTTPS would conceal which software packages you are using.

Qubes developers are already preparing to do most distribution over Tor services, which makes HTTPS somewhat moot.

--

Chris Laprise, [email protected]
https://twitter.com/ttaskett
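
One way to check the two properties this thread weighs, whether a repo is fetched over plain HTTP and whether GPG checking is switched on for it, as an added example that is not part of the original messages or of Qubes itself. The repo names, hosts and verdict strings are constructed, and a repo without its own gpgcheck line is assumed to be unsigned.

```python
import configparser
import glob

URL_KEYS = ("baseurl", "metalink", "mirrorlist")
TRUE = ("1", "true", "yes", "on")

# Constructed sample; repo ids and hosts are placeholders, not real repos.
SAMPLE = """\
[example-signed-http]
baseurl = http://repo.example.org/r$releasever/current
gpgcheck = 1
[example-https]
metalink = https://mirrors.example.org/metalink?repo=x&arch=$basearch
gpgcheck = 1
[example-unsigned-http]
baseurl = http://repo.example.net/testing
gpgcheck = 0
[example-disabled]
baseurl = http://repo.example.net/old
enabled = 0
"""

def audit_repo_text(text, source="<sample>"):
    """Return {repo_id: verdict} for every enabled repo in one .repo file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text, source=source)
    verdicts = {}
    for repo in cp.sections():
        sec = cp[repo]
        if sec.get("enabled", "1").strip().lower() not in TRUE:
            continue  # disabled repos are never fetched
        urls = [u for k in URL_KEYS for u in sec.get(k, "").replace(",", " ").split()]
        plain = any(u.lower().startswith(("http://", "ftp://")) for u in urls)
        # Assumption: no gpgcheck line means unsigned (it may inherit from [main]).
        signed = sec.get("gpgcheck", "0").strip().lower() in TRUE
        tag = "signed" if signed else "UNSIGNED"
        verdicts[repo] = f"{tag}, {'plaintext' if plain else 'encrypted'} fetch"
    return verdicts

def audit_dir(pattern="/etc/yum.repos.d/*.repo"):
    """Audit every .repo file matching pattern; later files win on duplicate ids."""
    out = {}
    for path in sorted(glob.glob(pattern)):
        with open(path, encoding="utf-8", errors="replace") as fh:
            out.update(audit_repo_text(fh.read(), source=path))
    return out

if __name__ == "__main__":
    for repo, verdict in (audit_dir() or audit_repo_text(SAMPLE)).items():
        print(f"{repo:30} {verdict}")
```

A "signed, plaintext fetch" verdict is the case discussed above: package integrity is still checked, but the requests are visible on the network. "UNSIGNED, plaintext fetch" is the one that needs fixing.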
