On Mon, Oct 28, 2013 at 09:31:35PM -0400, Mark Haase wrote: > It's a bit ironic that the Debian security site doesn't offer SSL, right? > If an attacker can MITM an organization that uses Debian, then they can > MITM the Debian security page and control what security bulletins that > organization can access.
BTW: if the NSA take one single trusted CA (and they did for sure), HTTPS is b0rken for each site. Yours, VB. -- Volker Birk Oberer Graben 4, 8400 Winterthur, Schweiz mailto:v...@dingens.org http://fdik.org
pgpHII58oKoGb.pgp
Description: PGP signature
