I'm not particularly knowledgeable about the verification process being done by 
dnf on the signature of packages so the question still lies on me:
Is downloading packages from plaintext http susceptible to MITM?

Even if that is not the case, I believe we can't be for sure that there's no 
exploitable vulnerability on dnf involving packages poisoned either from the 
source itself or in transit through plaintext http.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to