On Tue, Dec 20, 2016 at 02:41:03PM +0100, Malte Gell wrote:
Am 18.12.2016 um 20:08 schrieb Marcus Meissner:
(...) I think that the core repodata that is always delivered from download.opensuse.org should probably be https served though. I will see if I get that implemented.
Why not the whole stuff? As a distributor you are in a unique position. As we all know, (almost) all CAs are evil, you can´t trust them. You could install a self signed/made certificate and distribute it via Firefox update and ship it with the distribution! This way you save money and don´t depend on malicious CAs :-) You´d have a rock safe certificate. No bad CA being the man in the middle.
The openSUSE mirror infrastructure is largely volunteer ftp sites all around the world, this rules out doing it all over https ;) For the SUSE Linux Enterprise products we pay to use a CDN that handles HTTPS with suse.com specific certificates. The good thing is that the YUM repodata is GPG integrity checked, when you get the correct key and repomd.xml, the rest is integrity checked with SHA256 signatures. Being a trustworthy CA itself is hard. Of course one could limit it to repository handling, then this would be easier... Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org