by elmerfud
2954 days ago
I think you've mentioned the primary reasons distributors don't consider it a concern. If snooping the package lists to determine the update list is considered a risk / attack vector, then this is mitigated by running your own mirror with HTTPS. Any environment that's at the level where this is one of their security concerns, I would argue is at the point they should have their own mirror, for not only this reason but for the many other benefits it provides.