On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: > What are the plans for the CentOS repos with respect to authentication > and https everywhere? At the moment it is a trivial exercise to > perform a MTM attack during a yum update over http. Since the packages themselves are signed, what risk are you concerned about? -- Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> Fedora Project Leader _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: https everywhere.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: https everywhere.
- From: Matthew Miller <mattdm@xxxxxxxxxx>
- Date: Fri, 15 May 2015 15:49:14 -0400
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <901012391f2eec8b3b417d7765e8530b.squirrel@webmail.harte-lyne.ca>
- User-agent: Mutt/1.5.20 (2009-12-10)
- Follow-Ups:
- Re: https everywhere.
- From: Jim Perrin
- Re: https everywhere.
- References:
- https everywhere.
- From: James B. Byrne
- https everywhere.
- Prev by Date: https everywhere.
- Next by Date: Re: https everywhere.
- Previous by thread: https everywhere.
- Next by thread: Re: https everywhere.
- Index(es):
 |