> How do gpg signatures and SHA512 sums help with other people in the open WLAN or between I and the mirror being able to see what exactly I download or update?
HTTPS wouldn't protect you either. The sizes and dependency trees of individual packages are well-known. If I could see your HTTPS apt download traffic, I'd also be able to infer exactly what you downloaded or updated. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1186793 Title: Updating is over insecure connection To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1186793/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
