From: | Ulrich Mueller <ulm@g.o> | ||
---|---|---|---|
To: | "Michał Górny" <mgorny@g.o> | ||
Cc: | gentoo-dev <gentoo-dev@l.g.o> | ||
Subject: | Re: [gentoo-dev] [RFC] Using HTTPS mirrors only in thirdpartymirrors (when possible) | ||
Date: | Mon, 30 Sep 2019 05:04:39 | ||
Message-Id: | w6g1rvyl6i3.fsf@kph.uni-mainz.de | ||
In Reply to: | [gentoo-dev] [RFC] Using HTTPS mirrors only in thirdpartymirrors (when possible) by "Michał Górny" |
1 | >>>>> On Sun, 29 Sep 2019, Michał Górny wrote: |
2 | |
3 | > Why is it useful? In my opinion, the most important point is that it |
4 | > stops third parties from sniffing what the Gentoo hosts are fetching |
5 | > and using this information against them. |
6 | |
7 | It won't hide the fact that a connection was established. Also, the |
8 | transferred data are public, and we verify them on the client side by |
9 | a checksum. So the advantage of https is very limited here. |
10 | |
11 | Ulrich |
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
Subject | Author |
---|---|
Re: [gentoo-dev] [RFC] Using HTTPS mirrors only in thirdpartymirrors (when possible) | "Michał Górny" <mgorny@g.o> |