Allow TLS connection by default

(TNT BOM BOM) #1

Allowing https repo is very great and important, but when I change the repo from http to https it really contains many connection errors which took ages to update/upgrade. Hope it can be fixed and enabled by default.

(Amzker Pro Hacker) #2

Well, I personally won’t think that this is much important.

BTW, connection error: possible error in your configuration.
Https working perfectly.

(TNT BOM BOM) #3

Well, maybe you have heard of the apt http flaw + some surveillance countries try to manipulate http connections, as reported through FF or Qubes …etc.

So for users' safety's sake it is important.

Not with my test, I dunno why. But still it's not enabled by default.

(Matt) #4

Https doesn't really make apt any more secure. Also we don't have control over all our mirrors, so most would break if we forced https.

(Matt) #5

If you are talking about CVE-2019-3462, our version of apt isn’t vulnerable.
https://security-tracker.debian.org/tracker/CVE-2019-3462

(TNT BOM BOM) #6
  • From the same link you provided:

However there may be other security benefits to using HTTPS for apt updates, in that it should greatly increase the difficulty for a man-in-the-middle attacker to exploit future bugs in APT, or to temporarily delay the delivery of Release files to end users.

  • Add to it another issue reported by some folks in the Middle East:
1 Like
#7

Yeah, I saw that as well and I’m thinking https/TLS might be worth a second look.

Security in layers. :slight_smile:

(Matt) #9

That little extra layer of security might be nice, but the issue being we don’t control our mirrors. Not to say they couldn't support it in the future.

You could force https in parrot.list, but I don't know how many of our mirrors support it.

1 Like
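
What forcing https in a one-line-format APT source list such as parrot.list amounts to, as an added example that is not part of the thread or the Parrot project's own code: it lists the active entries still fetched over plain http and rewrites only their scheme. The host names and the sample list are constructed placeholders, not real mirrors.

```python
import re

# Constructed sample list; hosts are placeholders, not real Parrot mirrors.
SAMPLE = """\
# constructed example list
deb http://mirror.example.org/parrot stable main contrib non-free
deb-src [arch=amd64] http://mirror.example.org/parrot stable main
deb https://secure.example.org/parrot stable-security main
#deb http://disabled.example.org/parrot stable main
"""

# One-line format: type, optional [options], URI, then suite and components.
ENTRY = re.compile(r'^(\s*deb(?:-src)?\s+(?:\[[^\]]*\]\s+)?)(\S+)(.*)$')


def _is_plain_http(match):
    return match is not None and match.group(2).lower().startswith("http://")


def plaintext_entries(text):
    """Return (line_number, uri) for every active entry fetched over http://."""
    found = []
    for number, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if _is_plain_http(m):
            found.append((number, m.group(2)))
    return found


def force_https(text):
    """Rewrite the scheme of active http:// entries; comments and options stay untouched."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if _is_plain_http(m):
            uri = "https://" + m.group(2)[len("http://"):]
            line = m.group(1) + uri + m.group(3)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for number, uri in plaintext_entries(SAMPLE):
        print(f"line {number}: plain http -> {uri}")
    print(force_https(SAMPLE), end="")
```

The rewrite only changes the scheme in the file; whether each mirror actually answers on HTTPS still has to be checked separately.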
(Abdel Rhman Anter) #10

I am from Egypt, now working good.