|
|
|
|
|
|
by pooper
135 days ago
|
|
|
> The fact is allowing any type of unsigned update on HTTP is a security flaw in itself. Reminds me about ten years or so ago when I was installing Debian or something and I noticed the URL for the apt install mirrors were http and not https. People helpfully pointed out this is a non issue because the updates are signed. Ok I guess but then why did Debian switch to https? |
|
|
Because security people kept bullying them?