Hacker News
by gatmne 3137 days ago
HTTPS also doesn't guard you against someone replacing the binaries on the server (e.g. what happened to Transmission). It also doesn't protect you from misconfigured corporate or state-level MITM firewalls that don't check certificate validity.

HTTPS is intended for transport security. Using it for package authentication is generally a mistake. That's why most distributions accept the additional complexity of PGP instead of only relying on HTTPS.
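An added example, not code from the comment above or from any distribution's tooling, of the artifact-level check the comment is contrasting with transport security: the client verifies the downloaded bytes against a publisher key it already pins, so a binary swapped on the server or by a TLS-terminating middlebox fails verification even though the HTTPS session itself was fine. Ed25519 from Go's standard library stands in for PGP, and the keys and artifact bytes are constructed on the fly rather than taken from any real release.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Release is what a mirror serves: the artifact bytes plus the publisher's
// detached signature over them. The mirror is trusted for transport only.
type Release struct {
	Artifact  []byte
	Signature []byte
}

// Publish signs a release with the publisher's long-term key. A real distro
// key would be shipped pinned in the client image; here it is a fresh key.
func Publish(priv ed25519.PrivateKey, artifact []byte) Release {
	return Release{Artifact: artifact, Signature: ed25519.Sign(priv, artifact)}
}

// Tamper models the server-side replacement the comment describes: whoever
// controls the mirror swaps the binary but can only re-serve the old
// signature, because the publisher's private key was never on that server.
func Tamper(r Release, replacement []byte) Release {
	return Release{Artifact: replacement, Signature: r.Signature}
}

// Resign models a middlebox that controls the connection end to end and signs
// the swapped artifact with a key of its own. The client still rejects it
// because it trusts only the pinned publisher key, not whoever terminated TLS.
func Resign(replacement []byte) Release {
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed, not pinned anywhere
	return Release{Artifact: replacement, Signature: ed25519.Sign(attackerPriv, replacement)}
}

// VerifyRelease is the client-side check HTTPS alone does not give you: it
// binds the bytes on disk to the pinned publisher key, independent of which
// server or TLS session delivered them.
func VerifyRelease(pinned ed25519.PublicKey, r Release) bool {
	return ed25519.Verify(pinned, r.Artifact, r.Signature)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := Publish(priv, []byte("pkg-1.0.tar.xz (constructed sample bytes)"))
	fmt.Println("genuine verifies:  ", VerifyRelease(pub, genuine))                           // true
	fmt.Println("server swap verifies:", VerifyRelease(pub, Tamper(genuine, []byte("swapped")))) // false
	fmt.Println("MITM re-sign verifies:", VerifyRelease(pub, Resign([]byte("swapped"))))        // false
}
```

The point of the pinned key is that the verification outcome is the same whether the bad bytes came from a compromised mirror or from a firewall rewriting the stream; neither path holds the publisher's private key.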