6 Jul 2013 08:34
We have learned how much effort governments take to control and monitor the Internet. With this in regard, wouldn't it make sense to switch download.opensuse.org to SSL? I know, rpm packages are signed with GnuPG, but if you add a new repo an attacker still is able to give you a forged GnuPG key and a forged repo, not the repo you actually tried to subscribe to. Thus, GnuPG signing of rpm does not prohibit man in the middle attacks. I think SSL for download.opensuse.org would give more safety to people living in authoritarian regimes who want to download openSUSE software.

Malte
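Added example, not part of the original post: a Python audit of zypper-style `.repo` definitions that flags where the signing key or the repository metadata would be fetched over an unauthenticated transport, which is the first-subscription gap the post describes. The sample repositories, `mirror.example.org`, the `PLACEHOLDER` paths and the finding names are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Transports with no server authentication and no integrity protection.
PLAINTEXT = {"http", "ftp"}

# Constructed sample in the INI layout of zypper .repo files (not real data).
SAMPLE_REPOS = """\
[oss-plain]
baseurl=http://download.opensuse.org/PLACEHOLDER/repo/oss/
gpgcheck=1
gpgkey=http://download.opensuse.org/PLACEHOLDER/repo/oss/repodata/repomd.xml.key

[oss-tls]
baseurl=https://mirror.example.org/PLACEHOLDER/repo/oss/
gpgcheck=1
gpgkey=https://mirror.example.org/PLACEHOLDER/repo/oss/repodata/repomd.xml.key

[mixed]
baseurl=https://mirror.example.org/extra/
gpgcheck=1
gpgkey=http://mirror.example.org/extra/key.asc

[unsigned]
baseurl=http://mirror.example.org/unsigned/
gpgcheck=0
"""

def scheme(url):
    return urlsplit(url.strip()).scheme.lower()

def audit_repos(text):
    """Return (alias, finding) pairs for every repo definition in text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for alias in cp.sections():
        repo = cp[alias]
        base, key = repo.get("baseurl", ""), repo.get("gpgkey", "")
        if repo.get("gpgcheck", "1").strip() == "0":
            # Nothing is verified at all, whatever the transport.
            findings.append((alias, "gpgcheck-disabled"))
        if key and scheme(key) in PLAINTEXT:
            # The trust anchor itself can be swapped in transit on first import.
            findings.append((alias, "key-fetched-over-plaintext"))
        if base and scheme(base) in PLAINTEXT:
            findings.append((alias, "metadata-fetched-over-plaintext"))
    return findings

if __name__ == "__main__":
    for alias, finding in audit_repos(SAMPLE_REPOS):
        print(f"{alias}: {finding}")
```

A clean result only shows that the transport is authenticated; comparing the imported key's fingerprint against one obtained out of band is still the check that ties the key to its publisher.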