Should package updates be downloaded over a secure transport (e.g. HTTPS) or not? The most likely transport-level failure is that the download will fail, e.g. middlebox blocked it, bad TLS config. Thus, I recommend trying both and not relying on transport later security at all.
-
-
Is this still true?: "Chrome Browser sends requests to multiple URLs when it’s checking for and downloading updates. The order of requests is determined dynamically at runtime. Both HTTP and HTTPS protocols might be tried." - https://support.google.com/chrome/a/answer/6350036?hl=en&visit_id=636725543582572857-3767229547&rd=1 …
-
Last I heard, yes, Omaha still falls back to HTTP. Chromium has a high degree of confidence in their integrity assurance mechanisms, including protection from fallback attacks, etc. Most other updaters I've seen have flaws.
- End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.