Casper Thomsen wrote... > On Sun, Dec 18, 2016 at 12:35 PM, datanoise <datano...@bitjungle.info> wrote: > > There could be https mirrors as well as non-https mirrors. > > There is https://cloudfront.debian.net which you could decide to trust. > > It doesn't *need* to be a "Debian SSL cert"; since you trust the > mirror anyway is some regard, you could as well "just" also trust the > mirror's certificate (and handling thereof).
Well, this creates trust for the path until (but excluding) that
particular mirror only. Can I trust the mirror? And even if, there's no
guarantee the mirror got the data through a trusted path.
Christoph
signature.asc
Description: Digital signature
