[Bug 224336] /etc/pkg/FreeBSD.conf should use HTTPS by default

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 06 Oct 2021 19:45:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224336

Daniel Ebdrup Jensen <debdrup@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |debdrup@freebsd.org

--- Comment #7 from Daniel Ebdrup Jensen <debdrup@freebsd.org> ---
I'm going to ignore whether or not it should be done, as it really isn't up to
me.

However, it should perhaps be noted that switching from HTTP to HTTPS makes it
impossible to set up a simple HTTP cache server.
This not only saves a lot of bandwidth for both the package servers and the
individual clients, but also means that once the files have been cached, it's a
lot faster on the clients using the cache.

For what it's worth, it is possible by setting up a fake root certificate and
MITMing one's own traffic, with the modifications that this requires to trust
self-signed root certificates, but that's quite a bit more involved even in the
best-case scenario.

It might also be worth noting that freebsd-update uses the exact same idea of
key fingerprinting, for much the same reason too.
