Debian HTTPS mirrors
Ben Scott
dragonhawk at gmail.com
Wed Dec 24 11:57:16 EST 2008
On Wed, Dec 24, 2008 at 11:41 AM, Thomas Charron <twaffle at gmail.com> wrote:
> No luck finding any searching, anyone know if there are any debian
> mirror sites which can serve over https?
Given the computational expense involved in encrypting such a large
payload, I would expect such to be rare and short-lived. It's
generally seen as more efficient to verify at the end-point, rather
than trying to keep the entire distribution chain secure. My
understanding is that Debian packages include GPG signatures and MD5
checksums, which APT checks. May I ask why that is not sufficient to
verify integrity and authenticity?
-- Ben
More information about the gnhlug-discuss
mailing list