[arch-general] pacman-key complaining, but what to do about it?
Daniel Micay
danielmicay at gmail.com
Wed Apr 2 13:00:00 EDT 2014
On 02/04/14 12:47 PM, Nowaker wrote:
>> There may be a transparent proxy in your routing chain that strips
>> compression in order to run a virus scan.
>
> Time for SSL-securing Arch Linux repos to prevent any sort of
> man-in-the-middle attacks? Even such trivial things like compression
> stripping, or image optimization often performed by mobile internet
> providers is a man-in-the-middle. This should be fought by any means.
Packages are already signed, and pacman has support for signing the
repositories. Using TLS for repositories is close to useless because the
mirrors are not *really* trusted entities, and the CA system is a broken
alternative to the solid archlinux-keyring package.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20140402/645e8714/attachment.asc>
More information about the arch-general
mailing list