Re: HTTPS needs to be implemented for updating

2017-03-03 Thread Martin Zobel-Helas
Hi, On Tue Dec 20, 2016 at 10:45:23 +0100, Hans-Christoph Steiner wrote: > Also, it would be really awesome if there was: > > https://httpsredir.debian.org/debian > > Which automatically redirected to mirrors that support HTTPS. I filed > an issue here: >

Re: HTTPS needs to be implemented for updating

2016-12-21 Thread Christoph Biedl
Marc Haber wrote... > On Wed, Dec 21, 2016 at 09:31:23AM +0100, Joerg Jaspert wrote: > > Now, if you want to manually download a .deb and dpkg -i it - then you > > have to manually do the same steps apt & co do: Get the corresponding > > packages and (In)Release files, verify its signature

Re: HTTPS needs to be implemented for updating

2016-12-21 Thread Joerg Jaspert
On 14527 March 1977, Christoph Biedl wrote: > Well, this creates trust for the path until (but excluding) that > particular mirror only. Can I trust the mirror? And even if, there's no > guarantee the mirror got the data through a trusted path. And why the heck would you ever trust any mirror? If

Re: HTTPS needs to be implemented for updating

2016-12-20 Thread Christoph Biedl
Casper Thomsen wrote... > On Sun, Dec 18, 2016 at 12:35 PM, datanoise wrote: > > There could be https mirrors as well as non-https mirrors. > > There is https://cloudfront.debian.net which you could decide to trust. > > It doesn't *need* to be a "Debian SSL cert";

Re: HTTPS needs to be implemented for updating

2016-12-20 Thread Sven Hartge
On 20.12.2016 10:45, Hans-Christoph Steiner wrote: > Also, it would be really awesome if there was: > > https://httpsredir.debian.org/debian > > Which automatically redirected to mirrors that support HTTPS. I filed > an issue here: > https://github.com/rgeissert/http-redirector/issues/78

Re: HTTPS needs to be implemented for updating

2016-12-20 Thread Hans-Christoph Steiner
Hans-Christoph Steiner: > > > Peter Lawler: >> >> >> On 18/12/16 22:03, Christoph Moench-Tegeder wrote: >>> second point requires a lot of work >>> to resolve. >>> >>> Regards, >>> Christoph >>> >> >> Monday morning yet-to-be-caffeinated thoughts... >> >> I'm going to ignore the

Re: HTTPS needs to be implemented for updating

2016-12-19 Thread Hans-Christoph Steiner
Peter Lawler: > > > On 18/12/16 22:03, Christoph Moench-Tegeder wrote: >> second point requires a lot of work >> to resolve. >> >> Regards, >> Christoph >> > > Monday morning yet-to-be-caffeinated thoughts... > > I'm going to ignore the 'inconvenience' because I think in this case > that's a

Re: HTTPS needs to be implemented for updating

2016-12-19 Thread Casper Thomsen
On Sun, Dec 18, 2016 at 12:35 PM, datanoise wrote: > There could be https mirrors as well as non-https mirrors. There is https://cloudfront.debian.net which you could decide to trust. It doesn't *need* to be a "Debian SSL cert"; since you trust the mirror anyway is

Re: HTTPS needs to be implemented for updating

2016-12-18 Thread Peter Lawler
On 18/12/16 22:03, Christoph Moench-Tegeder wrote: second point requires a lot of work to resolve. Regards, Christoph Monday morning yet-to-be-caffeinated thoughts... I'm going to ignore the 'inconvenience' because I think in this case that's a specious argument. I acknowledge there's

Re: HTTPS needs to be implemented for updating

2016-12-18 Thread datanoise
Christoph Moench-Tegeder : ## gwmfm...@unseen.is (gwmfm...@unseen.is): What with Let's Encrypt now active, there is no excuse to not move everything to HTTPS for updating. 1. Bandwidth. It's fairly easy to proxy/cache HTTP, but HTTPS prevents that (unless you break HTTPS). This not only

Re: HTTPS needs to be implemented for updating

2016-12-18 Thread Christoph Moench-Tegeder
## gwmfm...@unseen.is (gwmfm...@unseen.is): > What with Let's Encrypt now active, there is no excuse to not move > everything to HTTPS for updating. 1. Bandwidth. It's fairly easy to proxy/cache HTTP, but HTTPS prevents that (unless you break HTTPS). This not only affects the server side