[arch-general] secure package signing related websites (was: Re: Keyring package for real)
Christian Hesse
list at eworm.de
Sun Mar 4 05:22:38 EST 2012
Hello everybody,
(As I am not allowed to post to arch-dev-public resending it here.)
ok, not really related to the keyring package, but it came to my mind when
installing it and while signing the key:
I think it makes sense to not allow pages related to package signing being
delivered via http. Instead automatically redirect to https to avoid man in
the middle attacks. First site that comes to my mind:
https://www.archlinux.org/master-keys/
--
Best regards,
Chris
O< ascii ribbon campaign
stop html mail - www.asciiribbon.org
More information about the arch-general
mailing list