[arch-general] pacman-key complaining, but what to do about it?

Leonid Isaev lisaev at umail.iu.edu
Wed Apr 2 13:32:51 EDT 2014


On Wed, 02 Apr 2014 18:47:52 +0200
Nowaker <enwukaer at gmail.com> wrote:

> > There may be a transparent proxy in your routing chain that strips
> > compression in order to run a virus scan.
> 
> Time for SSL-securing Arch Linux repos to prevent any sort of 
> man-in-the-middle attacks? Even such trivial things like compression 
> stripping, or image optimization often performed by mobile internet 
> providers is a man-in-the-middle. This should be fought by any means.
> 

If you are talking about mirrors, then look at 
https://www.archlinux.org/mirrorlist/all/https/ . At least in my experience,
using tls allows to evade certain routers which redirect to a captive
portal if plain http is used, but don't touch encrypted traffic (e.g. if you
are in a hotel and need to install something).

However, tls adds CPU overhead and is not a way to fight broken ISPs and
proxies/routers.

Cheers,
-- 
Leonid Isaev
GnuPG key fingerprint: C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20140402/ebfb7610/attachment.asc>


More information about the arch-general mailing list