debian-project
[Arriba] [Todas las Listas]

Re: Ningún puerto 443 (https) disponible en "seguridad.debian.org"-repo

To: "Zei Ha gmx.net" <zeiha@xxxxxxx>, debian-project@xxxxxxxxxxxxxxxx
Subject: Re: Ningún puerto 443 (https) disponible en "seguridad.debian.org"-repository
From: Chris Lamb <lamby@xxxxxxxxxx>
Date: Tue, 25 Jul 2017 21:56:41 +0100
Delivered-to: lists-debian-project@xxxxxxxxxxxxxxxxx
Delivery-date: Tue, 25 Jul 2017 16:57:05 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=GG6lU5 EE93mVbwPG9lWkrgWNxE3Iei5uJV125KybX/8=; b=WCj/ihDp+E2wlhYps7TnaW y1dCGoWoqTsuMeBNJYahI/RRH9WLG4jh886WLGVb98hPsf+qlkbyDKiVMRvR02tf 2OB9nE06eLsAQjqArZ+JhpAQD4X5Q8xXRLIStZoZuX31HwsMvRnEHoM3mvXk+Vf6 9Yd+NlwsnLZbFEXjONBSRe3io4USrHaWi9H/5Wyke70+NCFhpSmJXjEqP+MWoArf i1DLrQKdus7mPqcu/+CeZnMlf6stjIBBlgno8zh4kJBErNNsN2wMzvgSf4+OuLgB m8Ws7IPc89I7uSuhtUe2zqslI1Q3BOvdtgrO4bhY0Ljk9ac91xtgcZTYI8WsR83w ==
Envelope-to: listas@xxxxxxxxxxx
In-reply-to: <0MQNFY-1dApuO025k-00Tk2M@mail.gmx.com>
List-archive: https://lists.debian.org/msgid-search/1501016201.1252969.1052467376.17722981@webmail.messagingengine.com
List-help: <mailto:debian-project-request@lists.debian.org?subject=help>
List-id: <debian-project.lists.debian.org>
List-post: <mailto:debian-project@lists.debian.org>
List-subscribe: <mailto:debian-project-request@lists.debian.org?subject=subscribe>
List-unsubscribe: <mailto:debian-project-request@lists.debian.org?subject=unsubscribe>
List-url: <https://lists.debian.org/debian-project/>
Old-return-path: <lamby@xxxxxxxxxx>
References: <0MQNFY-1dApuO025k-00Tk2M@mail.gmx.com>
Resent-date: Tue, 25 Jul 2017 20:57:03 +0000 (UTC)
Resent-from: debian-project@xxxxxxxxxxxxxxxx
Resent-message-id: <5NMXODuVKZO.A.DAC.fC7dZB@bendel>
Resent-sender: debian-project-request@xxxxxxxxxxxxxxxx
*Zeiha,

> vuestro *repositories en "*debian.*org" (Especialmente "*http://seguridad.*debian.*org/&*quot;
> !!) No es!

Esto ha sido traído arriba de mucho tiempo en muchas listas; complacer
ver/buscar el *archives en futuro.

Los archivos son *cryptographically firmado que garantiza
no han sido *tampered con en *transit (*modulo *replay
ataques que son manejados en una manera diferente).

La cosa única que adopta podría proporcionar sería algunos *quasi-
anonimato con consideraciones a qué paquetes estás descargando
pero incluso que es dudoso desde las medidas de paquete ellos
es muy revelando.

En corto, hay ninguna necesidad para SSL. Complacer ver
<*https://*wiki.*debian.*org/*SecureApt> Para los detalles técnicos.


Consideraciones,

-- 
      ,''`.
     : :'  :     Cordero de Chris, *Debian Dirigente de Proyecto
     `. `'`      Lamby@xxxxxxxxxx / *chris-cordero.*co.*uk
       `-


Zeiha,

> your repositories on "debian.org" (especially "http://security.debian.org/";
> !!) are not!

This has been brought up many times on many lists; please
see/search the archives in future.

The files are cryptographically signed which guarantees
they haven't been tampered with in transit (modulo replay
attacks which are handled in a different way).

The only thing adopting might provide would be some quasi-
anonymity with regards to which packages you are downloading
but even that is doubtful since the package sizes themselves
are very revealing.

In short, there's no need for SSL. Please see
<https://wiki.debian.org/SecureApt> for the technical details.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb, Debian Project Leader
     `. `'`      lamby@xxxxxxxxxx / chris-lamb.co.uk
       `-


<Anterior por Tema] Tema Actual [Siguiente por Tema>