On 2013-10-30, Wed, at 11:34 -0200, Djones Boni wrote:
> On 30-10-2013 11:05, Celejar wrote:
> > You're snipping crucial context; my comment above was in response to
> > this:
> >> For apt-get a self-signed certificate could be used which comes together
> >> with Debian. No CA required. This is both simpler and safer.
> > I was pointing out that this comment makes no sense in the context of
> > apt-get. It sounds like you're referring to the website or email system.
> I am talking about updates.
>
> Yes. Apt uses OpenPGP to verify the integrity and authenticity of the
> packages it downloads.
> But how does apt get these packages? Over insecure HTTP.
>
> Hacking DNS or MITM attack can hide updates from you or a country. Then
> you are vulnerable due to out-of-date software and you don't even know
> about it.
>
> and you don't even know
> about it.

That's why I am on the debian-security@lists.debian.org