Is our source list safe?

Posts: 762
Joined: 19 Nov 2013 19:44

Postby palimmo » 19 May 2017 15:33

I see no https (except for skype), but only http addresses:

Get:1 jessie/updates InRelease [63.1 kB]
Ign stable InRelease                                                       
Ign jessie InRelease                                                      
Get:2 jessie-backports InRelease [166 kB]                                 
Hit stable Release.gpg                                                     
Hit stable Release                                                         
Get:3 jessie-proposed-updates InRelease [145 kB]                          
Hit jessie Release.gpg                                                    
Hit jessie Release             
Hit stable InRelease          
Get:4 jessie/updates/main amd64 Packages [406 kB]
Hit stable/main amd64 Packages                                             
Get:5 jessie/updates/contrib amd64 Packages [2,506 B]
Get:6 jessie/updates/non-free amd64 Packages [14 B]
Get:7 jessie/updates/main i386 Packages [406 kB]
Get:8 jessie/updates/contrib i386 Packages [2,526 B]                 
Get:9 jessie-backports/main amd64 Packages/DiffIndex [27.8 kB]            
Hit solydxk-8 InRelease                                           
Hit stable/main i386 Packages                                              
Get:10 jessie/updates/non-free i386 Packages [14 B]                  
Get:11 jessie-backports/contrib amd64 Packages/DiffIndex [23.3 kB]        
Get:12 jessie-backports/non-free amd64 Packages/DiffIndex [19.9 kB]       
Get:13 jessie-backports/main i386 Packages/DiffIndex [27.8 kB]  
Get:14 jessie-backports/contrib i386 Packages/DiffIndex [23.8 kB]         
Get:15 jessie-backports/non-free i386 Packages/DiffIndex [19.3 kB]       
Get:16 jessie-proposed-updates/main amd64 Packages/DiffIndex [27.8 kB]   
Get:17 jessie-proposed-updates/contrib amd64 Packages/DiffIndex [7,408 B]
Get:18 jessie-proposed-updates/non-free amd64 Packages/DiffIndex [13.6 kB]
Get:19 jessie-proposed-updates/main i386 Packages/DiffIndex [27.8 kB]    
Get:20 jessie-proposed-updates/contrib i386 Packages/DiffIndex [6,916 B] 
Get:21 jessie-proposed-updates/non-free i386 Packages/DiffIndex [14.1 kB]
Hit jessie/main amd64 Packages                                           
Hit jessie/contrib amd64 Packages           
Hit stable/main amd64 Packages             
Hit jessie/non-free amd64 Packages          
Hit jessie/main i386 Packages               
Hit jessie/contrib i386 Packages            
Hit jessie/non-free i386 Packages           
Hit solydxk-8/main amd64 Packages   
Hit solydxk-8/upstream amd64 Packages
Hit solydxk-8/import amd64 Packages
Hit solydxk-8/main i386 Packages
Hit solydxk-8/upstream i386 Packages
Hit solydxk-8/import i386 Packages
Is that safe?

Proud user of SolydK!

Nothing grows from diamonds; flowers grow from manure.

Arjen Balfoort
Site Admin
Posts: 8647
Joined: 26 Jan 2013 19:36
Location: Netherlands

Re: Is our source list safe?

Postby Arjen Balfoort » 19 May 2017 17:04

Here's the same discussion, and a remark by a user that I really subscribe to: ... th-apt-get
It's not that it's less secure, it's that it's less relevant to what you are trying to protect. With APT, encrypting the contents of your transaction is not so important, because what you're downloading is very uncontroversial: it's just the same Ubuntu packages that lots of people download. But what is important, is ensuring that the files as you receive them haven't been tampered with
You can find out by installing apt-transport-https and then replacing http with https in your sources.list.
You'll get a lot of errors when you run "apt update".

SolydXK needs you!
Development | Testing | Translations
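
The point of the quoted remark above, that what matters is detecting tampering rather than encrypting the transfer, shown as an added example (not code from this thread or from APT itself): a Python walk-through of the hash chain from a Release file to a Packages index to a .deb. It assumes the Release file's GPG signature has already been verified; the helper names and all sample data are constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_release(text: str) -> dict:
    """Map index path -> (sha256, size) from the 'SHA256:' field of a Release file."""
    out, active = {}, False
    for line in text.splitlines():
        if line.startswith(" ") and active:
            digest, size, path = line.split()
            out[path] = (digest, int(size))
        else:
            active = line.strip() == "SHA256:"
    return out

def parse_packages(text: str) -> dict:
    """Map Filename -> (sha256, size) for every stanza in a Packages index."""
    out = {}
    for stanza in text.strip().split("\n\n"):
        f = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        out[f["Filename"]] = (f["SHA256"], int(f["Size"]))
    return out

def matches(expected: tuple, data: bytes) -> bool:
    digest, size = expected
    return len(data) == size and sha256(data) == digest

# --- constructed sample data, not a real repository ---
DEB_PATH = "pool/main/h/hello/hello_1.0_amd64.deb"
IDX_PATH = "main/binary-amd64/Packages"
DEB = b"constructed .deb payload"
PACKAGES = (f"Package: hello\nVersion: 1.0\nFilename: {DEB_PATH}\n"
            f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n").encode()
RELEASE = ("Origin: Example\nSuite: stable\nSHA256:\n"
           f" {sha256(PACKAGES)} {len(PACKAGES)} {IDX_PATH}\n")

def fetch_ok(release: str, packages: bytes, deb: bytes) -> bool:
    """Walk Release -> Packages -> .deb; Release is assumed signature-checked."""
    idx = parse_release(release).get(IDX_PATH)
    if idx is None or not matches(idx, packages):
        return False  # index does not match what the signed Release lists
    pkg = parse_packages(packages.decode()).get(DEB_PATH)
    return pkg is not None and matches(pkg, deb)

if __name__ == "__main__":
    print(fetch_ok(RELEASE, PACKAGES, DEB))         # True: untouched download
    print(fetch_ok(RELEASE, PACKAGES, DEB + b"!"))  # False: .deb altered in transit
```

Rewriting the Packages index to match an altered .deb fails as well, because the index then no longer matches the hash listed in the signed Release file.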

Posts: 1878
Joined: 09 Oct 2013 12:45

Re: Is our source list safe?

Postby ilu » 19 May 2017 17:15

I agree with your quote that transport security is not the main concern as long as the downloaded file is untampered with.
But I'm wondering: what kind of errors are caused by https?

Posts: 2034
Joined: 09 Jan 2014 00:17

Re: Is our source list safe?

Postby kurotsugi » 22 May 2017 00:43

It wasn't caused by https. Without apt-transport-https, apt cannot connect to an https repo and will throw a bunch of error messages. That package is needed for deciphering the key inside https protocols.
