allowing https repo is very great and important, but when i change the repo from http to https it really contains many connection errors which took ages to update/upgrade. hope it can be fixed and enabled by default.
Well i , personally won’t think
That this is much important
BTW connection error
Possible error in your configuration
Https working perfectly
well maybe you have heard apt http flaw + some surveillance countries tries to manipulate http connections as reported through FF or Qubes …etc.
so for users safety sake it is important.
not with my test i dunno why. but still its not enabled by default.
https doesnt really make apt any more secure. Also we dont have control over all our mirrors, so most would break if we forced https.
If you are talking about
CVE-2019-3462, our version of apt isn’t vulnerable.
- From the same link you provided:
However there may be other security benefits to using HTTPS for apt updates, in that it should greatly increase the difficulty for a man-in-the-middle attacker to exploit future bugs in APT, or to temporarily delay the delivery of Release files to end users.
- Add to it for another issue reported by some folks in the middle east:
yeah I saw that as well and I’m thinking https/TLS might be worth a second look.
Security in layers.
That little extra layer of security might be nice, but the issue being we don’t control our mirrors. Not to say they couldnt support it in the future.
You could force https in parrot.list, but i dont know how many of our mirrors support it.