On 20.12.2016 at 14:41, Malte Gell wrote:
On 18.12.2016 at 20:08, Marcus Meissner wrote:
(...) I think that the core repodata that is always delivered from download.opensuse.org should probably be https served though. I will see if I get that implemented.
Why not the whole stuff? As a distributor you are in a unique position. As we all know, (almost) all CAs are evil, you can't trust them. You could install a self signed/made certificate and distribute it via Firefox update and ship it with the distribution! This way you save money and don't depend on malicious CAs :-) You'd have a rock safe certificate. No bad CA being the man in the middle.
Yes and no. Not everyone uses SUSE products exclusively, and self-installed browsers will not know about the self-signed certificate. Additionally, everyone who wants to start using SUSE products will have to make an initial download without SUSE-modified software.
Susan