Re: HTTPS enabled Debian Security repository

2020-01-16 Thread Tototechy
Nice query you have asked in this forum. Thanks for your information, this is very good topic for those who get difficulties to access their https redirect. Why not try this podcast addict which is a free download software application for pc, mac or laptop. Try this and don't about your security re

Re: HTTPS enabled Debian Security repository

2017-11-09 Thread Paul Wise
On Thu, 2017-11-09 at 11:30 +0100, Marek Sebera wrote: > Is this up-to-date repository or manually synced mirror? Neither, it is a pair of CDNs, hosted by Fastly and Amazon, although only the Amazon CDN supports https. > Also note I had to set ... as trusted in system certificates Normally it al

Re: HTTPS enabled Debian Security repository

2017-11-09 Thread Marek Sebera
Thank you, this seems to work. Is this up-to-date repository or manually synced mirror? Also note I had to set (C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Services Root Certificate Authority - G2) as trusted in system certificates Marek On 11/09/2017 11:19 AM, P

Re: HTTPS enabled Debian Security repository

2017-11-09 Thread Paul Wise
On Thu, Nov 9, 2017 at 5:57 PM, Marek Sebera wrote: > Thank you for support, so is the https enabled repository coming up? One of the CDNs backing deb.d.o supports https, see the last para here: http://deb.debian.org/ -- bye, pabs https://wiki.debian.org/PaulWise

Re: HTTPS enabled Debian Security repository

2017-11-09 Thread Marek Sebera
Thank you for support, so is the https enabled repository coming up? Marek On 10/26/2017 08:19 PM, Christoph Biedl wrote: > 林博仁 wrote... > >> I believe that there's no benefit on accessing Debian archive with HTTPS as >> they use GnuPG for authentication > > GnuPG indeed serves the purposes of

Re: HTTPS enabled Debian Security repository

2017-10-30 Thread Rob van der Putten
Hi there On 30/10/17 12:24, Russell Coker wrote: I agree. There's little downside nowadays. Squid doesn't work particularly well caching APT repositories nowadays (strange timeouts and hangs during downloads) so the caching benefit of non-SSL has mostly gone away. I have no problems with

Re: HTTPS enabled Debian Security repository

2017-10-30 Thread Russell Coker
On Monday, 30 October 2017 8:57:00 AM AEDT Hans-Christoph Steiner wrote: > > The one from 2016 is harder to exploit: I asked on #-apt back then and > > the sample exploit had a 1/4 success chance with a 1.3 GB InRelease file > > on a memory starved i386 system). > > That hit rate is enough to buil

Re: HTTPS enabled Debian Security repository

2017-10-30 Thread Hans-Christoph Steiner
Ansgar Burchardt: > Henrique de Moraes Holschuh writes: >> On Fri, 27 Oct 2017, Hans-Christoph Steiner wrote: >>> This idea that GPG signatures on the index files is enough has been >>> totally disproven. There was a bug in apt where Debian devices could be >>> exploited by feeding them crafted

Re: HTTPS enabled Debian Security repository

2017-10-28 Thread Ansgar Burchardt
Henrique de Moraes Holschuh writes: > On Fri, 27 Oct 2017, Hans-Christoph Steiner wrote: >> This idea that GPG signatures on the index files is enough has been >> totally disproven. There was a bug in apt where Debian devices could be >> exploited by feeding them crafted InRelease files: >> >> ht

Re: HTTPS enabled Debian Security repository

2017-10-27 Thread Henrique de Moraes Holschuh
On Fri, 27 Oct 2017, Hans-Christoph Steiner wrote: > This idea that GPG signatures on the index files is enough has been > totally disproven. There was a bug in apt where Debian devices could be > exploited by feeding them crafted InRelease files: > > https://www.debian.org/security/2016/dsa-3733

Re: HTTPS enabled Debian Security repository

2017-10-27 Thread Luca Filipozzi
As already answered in this thread, this is already available. Per https://deb.debian.org/: } The redirection service is also available on HTTPS, so with the } apt-transport-https package installed, you can use: } } deb https://deb.debian.org/debian stable main } deb https://deb.debian.org/debian

Re: HTTPS enabled Debian Security repository

2017-10-27 Thread Morris Taylor
I would vote for enabling HTTPS on apt related service. The main idea is that it helps to prevent users from leaking the version info of installed packages. Say, if someone can eavesdrop the communication between the server and client for a period of time, he/she might be able to know if the installed

Re: HTTPS enabled Debian Security repository

2017-10-27 Thread Hans-Christoph Steiner
Christoph Biedl: > 林博仁 wrote... > >> I believe that there's no benefit on accessing Debian archive with HTTPS as >> they use GnuPG for authentication > > GnuPG indeed serves the purposes of authenticity and integrity very > well. Modulo bugs every now and then, but they happen on other layers

Re: HTTPS enabled Debian Security repository

2017-10-26 Thread Christoph Biedl
林博仁 wrote... > I believe that there's no benefit on accessing Debian archive with HTTPS as > they use GnuPG for authentication GnuPG indeed serves the purposes of authenticity and integrity very well. Modulo bugs every now and then, but they happen on other layers as well. Also, nobody should r

Re: HTTPS enabled Debian Security repository

2017-10-26 Thread Paul Wise
On Thu, Oct 26, 2017 at 4:43 PM, Marek Sebera wrote: > please advise, is there any repository, that is both official mirror of > security.debian.org and enabled with SSL (HTTPS) access? One of the CDNs backing deb.d.o supports https, see the last para here: http://deb.debian.org/ -- bye, pabs

Re: HTTPS enabled Debian Security repository

2017-10-26 Thread 林博仁
I believe that there's no benefit on accessing Debian archive with HTTPS as they use GnuPG for authentication 林博仁 2017-10-26 16:43 GMT+08:00 Marek Sebera : > Hi, > > please advise, is there any repository, that is both official mirror of > security.debian.org and enabled with SSL (HTTPS) acce

HTTPS enabled Debian Security repository

2017-10-26 Thread Marek Sebera
Hi, please advise, is there any repository, that is both official mirror of security.debian.org and enabled with SSL (HTTPS) access? Accessing https://security.debian.org/ results in insecure certificate protected domain mirror-conova.debian.org (SHA-1 signed certificate) I've used unofficial mi