Should package updates be downloaded over a secure transport (e.g. HTTPS) or not? The most likely transport-level failure is that the download will fail, e.g. middlebox blocked it, bad TLS config. Thus, I recommend trying both and not relying on transport later security at all.
An update can fix broken TLS if the update isn't using the same broken TLS stack.
-
-
But update can also wait till you get home etc and on a better network?
-
It won't help if the machine is usually/always on the bad network or if the problem is not the network but your application (e.g. TLS key pinning or CA configuration).
-
Would you say this example is a good exemplar of the defense value of TLS? https://justi.cz/security/2018/09/13/alpine-apk-rce.html …
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.