[arch-general] pacman-key complaining, but what to do about it?
Leonid Isaev
lisaev at umail.iu.edu
Wed Apr 2 13:32:51 EDT 2014
On Wed, 02 Apr 2014 18:47:52 +0200
Nowaker <enwukaer at gmail.com> wrote:
> > There may be a transparent proxy in your routing chain that strips
> > compression in order to run a virus scan.
>
> Time for SSL-securing Arch Linux repos to prevent any sort of
> man-in-the-middle attacks? Even such trivial things like compression
> stripping, or image optimization often performed by mobile internet
> providers is a man-in-the-middle. This should be fought by any means.
>
If you are talking about mirrors, then look at
https://www.archlinux.org/mirrorlist/all/https/ . At least in my experience,
using tls allows to evade certain routers which redirect to a captive
portal if plain http is used, but don't touch encrypted traffic (e.g. if you
are in a hotel and need to install something).
However, tls adds CPU overhead and is not a way to fight broken ISPs and
proxies/routers.
Cheers,
--
Leonid Isaev
GnuPG key fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20140402/ebfb7610/attachment.asc>
More information about the arch-general
mailing list