On Sat, May 31, 2014 at 12:11:28AM +1000, Alfie John wrote:
On Sat, May 31, 2014, at 12:06 AM, micah anderson wrote:. keeps an adversary who may be listening on the wire from looking at what you are installing. who cares what you are installing? well it turns out that is very interesting information. If you can see that I've just installed X package, and you then just look over at our security tracker and find that this package has an exploit...It's only metadata, so who cares right? Only kidding. This is a totally legitimate scenario which I didn't think of. Nice.
So your solution to adding privacy is to make sure that every debian system checks in with debian directly rather than using a distributed infrastructure? I'd suggest looking at apt-transport-tor instead.
Mike Stone -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
