On Sun, Jul 20, 2014 at 10:38:23AM +0200, Matthias Urlichs wrote: > > Pervasive monitoring. > > In and of itself, if you only access publicly-availble files, that's not a > threat.
1 Security service has unknown exploit. 2 Pervasive monitoring sees you install a package from somewhere over HTTP. 3 Attack is automated in a targeted fashion. I don't see that this is beyond the realm of possibility. This is really only a reason for having HTTPS as default, not excluding those who can't use HTTPS for legal, technical or other reasons. Iain. -- e: i...@fsfe.org w: iain.learmonth.me x: i...@jabber.fsfe.org t: +447875886930 c: MM6MVQ g: IO87we p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49
pgpeX09WD6eKd.pgp
Description: PGP signature
