[Cryptography] Kali Linux security is a joke!
Simon Ward
simon+metzdowd at bleah.co.uk
Wed Mar 18 17:33:09 EDT 2015
On 17 March 2015 19:31:17 GMT+00:00, Alfie John <alfiej at fastmail.fm> wrote:
>On Wed, Mar 18, 2015, at 05:32 AM, Viktor Dukhovni wrote:
>> I would take some time to study the "apt" security model. It is not
>> perfect, but the use of http is not a significant problem.
>
>An issue with HTTP for apt is information leak. People listening on the
>wire will know what software you're installing on machines.
I would still say that is a minor issue, but if you really are concerned about the lack of transport security, find a HTTPS mirror and see where the apt-transport-https package[1] gets you. If it's not secure enough, well it's free software, file bugs and, if you are able, provide patches.
[1]: https://packages.debian.org/search?keywords=apt-transport-https&searchon=names&suite=all§ion=all
Simon
More information about the cryptography
mailing list