19 Jun 2020 10:12
I'm wondering what the pros and cons are when using HTTPS for package downloads in openSUSE. By default, all repos are added as HTTP. When adding an additional repo, for example multimedia:apps[1], the link will be HTTPS since websites redirect to that nowadays.

I suppose zypper and YaST aren't vulnerable to something like CVE-2019-3462[2][3], and load balancing works over both HTTP and HTTPS, right? So, is one better than the other?

regards

[1] https://download.opensuse.org/repositories/multimedia:/apps/openSUSE_Tumblew...
[2] https://justi.cz/security/2019/01/22/apt-rce.html
[3] https://www.cvedetails.com/cve/CVE-2019-3462/