[Tails-dev] tails torrent tracker is http

Delete this message

Reply to this message
Author: Sina S
Date:  
To: The Tails public development discussion list
Subject: [Tails-dev] tails torrent tracker is http
Hi guys,

I just noticed the tails torrent tracker is using http. Doesn't this leave
users of the tracker vulnerable to man in the middle attacks? Obviously the
user can verify the sig once downloaded but if the torrent has been
attacked then the sig included in the download can't necessarily be trusted
and must be downloaded seperately.