Debian HTTPS mirrors

Ben Scott dragonhawk at gmail.com
Wed Dec 24 11:57:16 EST 2008


On Wed, Dec 24, 2008 at 11:41 AM, Thomas Charron <twaffle at gmail.com> wrote:
>  No luck finding any searching, anyone know if there are any debian
> mirror sites which can serve over https?

 Given the computational expense involved in encrypting such a large
payload, I would expect such to be rare and short-lived.  It's
generally seen as more efficient to verify at the end-point, rather
than trying to keep the entire distribution chain secure.  My
understanding is that Debian packages include GPG signatures and MD5
checksums, which APT checks.  May I ask why that is not sufficient to
verify integrity and authenticity?

-- Ben


More information about the gnhlug-discuss mailing list