Re: [Tails-dev] Tails Vagrant VM: repositories in /etc/apt/…

Nachricht löschen

Nachricht beantworten
Autor: Ague Mill
Datum:  
To: The Tails public development discussion list
Betreff: Re: [Tails-dev] Tails Vagrant VM: repositories in /etc/apt/sources.list use http instead of https
On Mon, Jul 09, 2012 at 09:10:59PM +0200, Andreas Kuckartz wrote:
> Thanks for the suggestion to use "vagrant ssh". I am now having a close
> look at the VM from inside.
>
> I noticed that all the repositories configured in
> /etc/apt/sources.list
> use http instead of https.
>
> I suggest to change that to reduce the threat of MITM attacks. To do that
> apt-get install apt-transport-https
> is required.


All repositories and their respective content are authenticated using
cryptographic signatures [1]. I don't really see a reason in preventing
content proxying (which is essential for fast builds) to prevent DoS
attacks.

[1] http://wiki.debian.org/SecureApt

> I am experimenting with these and other changes.


Please do! And submit patches! :)

--
Ague