On Mon, Jul 09, 2012 at 09:10:59PM +0200, Andreas Kuckartz wrote:
> Thanks for the suggestion to use "vagrant ssh". I am now having a close
> look at the VM from inside.
>
> I noticed that all the repositories configured in
> /etc/apt/sources.list
> use http instead of https.
>
> I suggest to change that to reduce the threat of MITM attacks. To do that
> apt-get install apt-transport-https
> is required.
All repositories and their respective content are authenticated using
cryptographic signatures [1]. I don't really see a reason in preventing
content proxying (which is essential for fast builds) to prevent DoS
attacks.
[1]
http://wiki.debian.org/SecureApt
> I am experimenting with these and other changes.
Please do! And submit patches! :)
--
Ague