Comment 20 for bug 1464064
Revision history for this message
| Robie Basak (racb) wrote Re: [Bug 1464064] Re: Ubuntu apt repos are not available via HTTPS | #20 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
On Mon, Dec 25, 2017 at 08:46:16PM -0000, Victoid wrote:
> There are truly no arguments against it.
Yes there are. See comment 6, for example.
> What's the point in signing it at all?
To prevent malicious code injection.
Fixed security bugs aside (whether in openssl or in apt/gpg signing),
the current security mechanism works as designed.
Adding HTTPS as an additional layer would be nice, which is why this bug
remains open. But the sky is not falling. Please stop ignoring the other
arguments already made in this bug and pretend that it is.