Date: Wed, 06 Oct 2021 19:45:08 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 224336] /etc/pkg/FreeBSD.conf should use HTTPS by default Message-ID: <bug-224336-227-TrG3bSufIq@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-224336-227@https.bugs.freebsd.org/bugzilla/> References: <bug-224336-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224336 Daniel Ebdrup Jensen <debdrup@freebsd.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |debdrup@freebsd.org --- Comment #7 from Daniel Ebdrup Jensen <debdrup@freebsd.org> --- I'm going to ignore whether or not it should be done, as it really isn't up= to me. However, it should perhaps be noted that switching from HTTP to HTTPS makes= it impossible to set up a simple HTTP cache server. This not only saves a lot of bandwidth for both the package servers and the individual clients, but also means that once the files have been cached, it= 's a lot faster on the clients using the cache. For what it's worth, it is possible by setting up a fake root certificate a= nd MITMing ones own traffic, with the modifications that this requires to trust self-signed root certificates, but that's quite a bit more involved even in= the best-case scenario. It might also be worth noting that freebsd-update uses the exact same idea = of key fingerprinting, for much the same reason too. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-224336-227-TrG3bSufIq>