1. Forum
  2. Usenet
  3. LINUX.DEBIAN.DEVEL

  • task-laptop: please recommend automatic apt proxying

    From Russ Allbery@21:1/5 to Russ Allbery on Wed Sep 15 19:40:02 2021
    Russ Allbery <rra@debian.org> writes:

    Please do not do this. I do not want to have to reason about the
    security impact of someone who controls local DNS taking over my apt
    sources.

    Incidentally, this is also exactly why I believe we should be using https
    by default, so that a compromise of the local DNS to point to an untrusted
    apt server fails at the TLS certificate validation stage rather than
    continuing on to talk to an untrusted apt server for sufficiently long to
    start downloading files and checking signatures and thus exposing more
    attack surface.

    --
    Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)