[Cryptography] Kali Linux security is a joke!

Simon Ward simon+metzdowd at bleah.co.uk
Wed Mar 18 17:33:09 EDT 2015

On 17 March 2015 19:31:17 GMT+00:00, Alfie John <alfiej at fastmail.fm> wrote:
>On Wed, Mar 18, 2015, at 05:32 AM, Viktor Dukhovni wrote:
>> I would take some time to study the "apt" security model.  It is not
>> perfect, but the use of http is not a significant problem.
>An issue with HTTP for apt is information leak. People listening on the
>wire will know what software you're installing on machines.

I would still say that is a minor issue, but if you really are concerned about the lack of transport security, find a HTTPS mirror and see where the apt-transport-https package[1] gets you. If it's not secure enough, well it's free software, file bugs and, if you are able, provide patches.

[1]: https://packages.debian.org/search?keywords=apt-transport-https&searchon=names&suite=all&section=all


More information about the cryptography mailing list