著者: Sina S 日付: To: The Tails public development discussion list 題目: [Tails-dev] tails torrent tracker is http
Hi guys,
I just noticed the tails torrent tracker is using http. Doesn't this leave
users of the tracker vulnerable to man in the middle attacks? Obviously the
user can verify the sig once downloaded but if the torrent has been
attacked then the sig included in the download can't necessarily be trusted
and must be downloaded seperately.