A lot of people think TLS is unnecessary for software updates, provided the update mechanism already includes signing/verification. Unless you’re Microsoft, this seems like a big mistake.
Show this thread
-
@debian is using HTTP for APT and TBH I do not see any problem there. Their explanation is ok for what they do.
Yeah, about that bulletproof explanation of theirs... https://twitter.com/marcan42/status/1087739925175267328 … Turns out reducing their attack surface with HTTPS would've been a good idea after ell.
-
-
TLS + data signing... *AND* thoroughly checking the signature (using trusted keys). The last part is the thing that 99% of all people forget (or where laziness hits us).
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.