Hi Linda, Others mentioned it, but the core reason here is integrity of the software you download. While once you have a repository added the GPG key is known and imported, the initial import of software repositories is tricky and needs to rely on some form of man in the middle protection. https is some form of solution here. Ciao, Marcus On Sun, Dec 18, 2016 at 04:20:23PM -0800, L.A. Walsh wrote:
Other than obedience to google, what purpose does encrypting open source linux distro binaries & source serve?
https makes most content uncacheable, and I know I've saved 700MB in Suse disc images in my cache that wouldn't have been saved with https for most people. On top of that, https slows down transfer and raises latencies.
Please reconsider whether https is really needed for "download" or "software". It's not like either is serving sensitive information and I really hate to see another sheep march to google's tune (when they want it to prevent you from selective ad filtering.
Marcus Meissner wrote:
On Sun, Dec 18, 2016 at 05:29:04PM +0100, Malte Gell wrote:
Hi there,
why does software.opensuse.org enjoy SSL, while download.opensuse.org doesn�t? download.opensuse.org so, Marcus
-- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@suse.de> -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org