On 02.04.2014 19:01, Daniel Micay wrote:

On 02/04/14 12:47 PM, Nowaker wrote:

There may be a transparent proxy in your routing chain that strips compression in order to run a virus scan. Time for SSL-securing Arch Linux repos to prevent any sort of man-in-the-middle attacks? Even trivial things like compression stripping, or the image optimization often performed by mobile internet providers, are man-in-the-middle attacks. This should be fought by any means.

Packages are already signed, and pacman has support for signing the repositories. Using TLS for repositories is close to useless because the mirrors are not *really* trusted entities, and the CA system is a broken alternative to the solid archlinux-keyring package. We aren't actually signing the sync databases yet, but should be. Even if it means using a low-trust key on the servers, it would need to be treated differently than the package signing keys if it were at a lower trust level, though, because it shouldn't be able to sign packages.
Maybe require all certificates used for package signing to have the "codeSigning" capability? The database certificate won't have that flag.
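As an added illustration of the point about database signatures (this is not code from anyone in the thread, nor from pacman itself): the script below reads a pacman.conf-style text, works out the effective SigLevel for packages and for sync databases per repository, and lists the repositories that would still accept an unsigned database. The sample configuration is constructed; the repository names and mirror URL in it are placeholders. It assumes pacman's documented token syntax (unprefixed values apply to both packages and databases, `Package*`/`Database*` values to one of them) and, as I understand pacman's merging, that a repository's own SigLevel overrides only the parts it names, with an `Optional` baseline before `[options]` is applied.

```python
"""Report which pacman repositories would accept an unsigned sync database.

Added example: parses a pacman.conf-style text and computes the effective
SigLevel for packages and databases per repository.
"""
import re

LEVELS = ("Never", "Optional", "Required")
TRUST = ("TrustAll", "TrustedOnly")

# Constructed sample configuration; names and the mirror URL are placeholders.
SAMPLE_CONF = """\
[options]
SigLevel = Required DatabaseOptional   # packages signed, databases may be unsigned
LocalFileSigLevel = Optional

[core]
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = DatabaseRequired            # tightens only the database part
Include = /etc/pacman.d/mirrorlist

[unsafe-mirror]
SigLevel = PackageRequired DatabaseNever
Server = http://mirror.example/$repo/os/$arch
"""

# Assumed baseline before [options] is read: Optional for both parts.
DEFAULT = {
    ("package", "level"): "Optional", ("package", "trust"): "TrustedOnly",
    ("database", "level"): "Optional", ("database", "trust"): "TrustedOnly",
}


def parse_conf(text):
    """Return (global SigLevel tokens, {repo: its own SigLevel tokens or None})."""
    section, global_tokens, repos = None, [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1)
            if section != "options":
                repos[section] = None
            continue
        key, _, value = line.partition("=")
        if key.strip() == "SigLevel":
            if section == "options":
                global_tokens = value.split()
            elif section is not None:
                repos[section] = value.split()
    return global_tokens, repos


def apply_tokens(tokens, state):
    """Apply SigLevel tokens on top of an existing (package, database) state."""
    state = dict(state)
    for tok in tokens:
        if tok.startswith("Package"):
            parts, word = ("package",), tok[len("Package"):]
        elif tok.startswith("Database"):
            parts, word = ("database",), tok[len("Database"):]
        else:
            parts, word = ("package", "database"), tok
        if word in LEVELS:
            field = "level"
        elif word in TRUST:
            field = "trust"
        else:
            raise ValueError(f"unknown SigLevel token: {tok}")
        for part in parts:
            state[(part, field)] = word
    return state


def effective_siglevels(text):
    """Map each repository to its effective SigLevel state."""
    global_tokens, repos = parse_conf(text)
    base = apply_tokens(global_tokens, DEFAULT)
    return {name: apply_tokens(tokens or [], base) for name, tokens in repos.items()}


def repos_accepting_unsigned_db(text):
    """Repositories whose database signature is not Required."""
    return sorted(name for name, s in effective_siglevels(text).items()
                  if s[("database", "level")] != "Required")


if __name__ == "__main__":
    for name, s in effective_siglevels(SAMPLE_CONF).items():
        print(f"{name:14} packages={s[('package', 'level')]:9} "
              f"databases={s[('database', 'level')]}")
    print("unsigned database accepted by:", repos_accepting_unsigned_db(SAMPLE_CONF))
```

Run against the sample, `core` inherits `DatabaseOptional` from `[options]` and `unsafe-mirror` sets `DatabaseNever`, so both are reported; `extra` is the only repository where a missing or bad database signature would actually stop a sync.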