Re: [qubes-devel] Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-19 Thread Chris Laprise
On 12/19/2016 06:26 PM, Patrick Schleizer wrote: What about Debian graphical installer security? Isn't that in the meanwhile the ideal target for exploitation for targeted attacks? Because it will take a while until the Debian point release with fixed apt. And during the gui installer, the output o

Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-19 Thread Patrick Schleizer
What about Debian graphical installer security? Isn't that in the meanwhile the ideal target for exploitation for targeted attacks? Because it will take a while until the Debian point release with fixed apt. And during the gui installer, the output of apt-get is not visible. And stuff during installe

Re: HTTPS needs to be implemented for updating

2016-12-19 Thread Hans-Christoph Steiner
Peter Lawler:
>
>
> On 18/12/16 22:03, Christoph Moench-Tegeder wrote:
>> second point requires a lot of work
>> to resolve.
>>
>> Regards,
>> Christoph
>>
>
> Monday morning yet-to-be-caffeinated thoughts...
>
> I'm going to ignore the 'inconvenience' because I think in this case
> that's a

Re: HTTPS needs to be implemented for updating

2016-12-19 Thread Casper Thomsen
On Sun, Dec 18, 2016 at 12:35 PM, datanoise wrote: > There could be https mirrors as well as non-https mirrors. There is https://cloudfront.debian.net which you could decide to trust. It doesn't *need* to be a "Debian SSL cert"; since you trust the mirror anyway in some regard, you could as well