Allow TLS connection by default


(TNT BOM BOM) #1

Allowing an HTTPS repo is very great and important, but when I changed the repo from HTTP to HTTPS it really had many connection errors, which made update/upgrade take ages. Hope it can be fixed and enabled by default.


(Amzker Pro Hacker) #2

Well, I personally don't think that this is very important.

BTW, the connection error is possibly an error in your configuration. HTTPS is working perfectly.


(TNT BOM BOM) #3

Well, maybe you have heard of the apt HTTP flaw, plus some surveillance countries try to manipulate HTTP connections, as reported through FF or Qubes … etc.

So for users' safety's sake it is important.

Not with my test, I dunno why. But still it's not enabled by default.


(Matt) #4

HTTPS doesn't really make apt any more secure. Also, we don't have control over all our mirrors, so most would break if we forced HTTPS.


(Matt) #5

If you are talking about CVE-2019-3462, our version of apt isn’t vulnerable.
https://security-tracker.debian.org/tracker/CVE-2019-3462


(TNT BOM BOM) #6

  • From the same link you provided:

However there may be other security benefits to using HTTPS for apt updates, in that it should greatly increase the difficulty for a man-in-the-middle attacker to exploit future bugs in APT, or to temporarily delay the delivery of Release files to end users.

  • Add to it another issue reported by some folks in the Middle East:

#7

Yeah, I saw that as well, and I'm thinking HTTPS/TLS might be worth a second look.

Security in layers. 🙂