Hacker News
by detaro 2705 days ago
Both. Without HTTPS, you can execute the attack if you can MITM the connection to the package repository. If HTTPS is used, you need to be the package repository to do the attack, or need a certificate to MITM the connection so you can pretend to be it.
1 comments

With HTTPS a MitM attacker can still refuse to serve a specific package.