[Bug 1179677] Re: Ubuntu does not use HTTPS for repositories
Fred
1179677 at bugs.launchpad.net
Mon May 13 23:20:00 UTC 2013
How significant is the overhead?
Google, Facebook and Twitter now all use HTTPS by default.
With a sniffer or MITM-attack someone could know which distribution and
version is used, e.g. raring and use that for targeted attacks.
Maybe not using HTTPS would make it easier for repressive totalitarian governments to infect people's computers.
I don't know. I guess HTTPS would add an extra layer of security.
If the reason is overhead, then it is understandable.
But maybe there should be an non-default optional way to enable HTTPS for users who really want it?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1179677
Title:
Ubuntu does not use HTTPS for repositories
Status in “apt” package in Ubuntu:
Invalid
Bug description:
$ sudo apt-get update
[sudo] password for anonymous:
Hit http://ppa.launchpad.net raring Release.gpg
Hit http://extras.ubuntu.com raring Release.gpg
Hit http://ppa.launchpad.net raring Release
Hit http://extras.ubuntu.com raring Release
Hit http://security.ubuntu.com raring-security Release.gpg
Hit http://archive.ubuntu.com raring Release.gpg
...
Ubuntu gets packages from insecure HTTP sources instead of secure
HTTPS sources.
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: apt 0.9.7.7ubuntu4
ProcVersionSignature: Ubuntu 3.8.0-20.31-generic 3.8.11
Uname: Linux 3.8.0-20-generic x86_64
ApportVersion: 2.9.2-0ubuntu8
Architecture: amd64
Date: Mon May 13 23:07:04 2013
InstallationDate: Installed on 2011-10-21 (570 days ago)
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
MarkForUpload: True
SourcePackage: apt
UpgradeStatus: Upgraded to raring on 2013-01-20 (112 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1179677/+subscriptions
More information about the foundations-bugs
mailing list