[Tails-dev] tails torrent tracker is http

This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Mintrigeri at ->
Delete this message

Reply to this message
Author: Sina S
Date:  
To: The Tails public development discussion list
Subject: [Tails-dev] tails torrent tracker is http
Hi guys,

I just noticed the tails torrent tracker is using http. Doesn't this leave
users of the tracker vulnerable to man in the middle attacks? Obviously the
user can verify the sig once downloaded but if the torrent has been
attacked then the sig included in the download can't necessarily be trusted
and must be downloaded seperately.
This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] [review'n'merge:1.1] feature/6608-OpenPGP-signature-verification-in-NautilusRe: [Tails-dev] tails torrent tracker is http->
lists.autistici.org administrated by postmasterLurker (version 2.3)