2 Apr 2014, 5 p.m.
On 02/04/14 12:47 PM, Nowaker wrote:
There may be a transparent proxy in your routing chain that strips compression in order to run a virus scan.
Time for SSL-securing Arch Linux repos to prevent any sort of man-in-the-middle attack? Even such trivial things as compression stripping, or image optimization often performed by mobile internet providers, are a man-in-the-middle. This should be fought by any means.
Packages are already signed, and pacman has support for signing the repositories. Using TLS for repositories is close to useless because the mirrors are not *really* trusted entities, and the CA system is a broken alternative to the solid archlinux-keyring package.