Startseite » Forum » Trisquel users
Verfasst von GNUser am So, 04/28/2019 - 16:41

Security problems with http updates, might also affect Trisquel

2 Antworten [Letzter Beitrag]
So, 04/28/2019 - 16:41
GNUser
GNUser
Offline
Beigetreten: 07/17/2013

Hey guys,

According to The Guardian Project there are security issues with using http to update from official repositories. I wonder if this also affects Trisquel and wether using "tor+http" should be enough to stop it?
This is the article https://guardianproject.info/2019/01/23/use-onions-https-for-software-updates

Hope someone will have more insight about this than I do. If necessary I could open a bug ticket, not sure if it's the best thing to do?

Thanks.

Oben
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
So, 04/28/2019 - 16:57
#1
Magic Banana
Magic Banana

I am a member!

I am a translator!

Offline
Beigetreten: 07/24/2010

All mirrors of Trisquel's repository (and the official repository itself) use HTTPS, except the Indian mirror, the Romanian mirror and one of the three US mirrors.

Oben
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Mo, 04/29/2019 - 15:20
#2
GNUser
GNUser
Offline
Beigetreten: 07/17/2013

Thanks for the reply Magic Banana. I wonder, shouldn't we still get rid of the http mirrors in light of what the article above says? Apparently it affects Debian and all derivatives (Ubuntu, etc).

One more question I admit that my sources.list was filled with http mirrors, and I changed it. Are these lines enough?

deb tor+https://archive.trisquel.info/trisquel/ flidas main
deb-src tor+https://archive.trisquel.info/trisquel/ flidas main #Added by softw$

Or am I missing the "security" ones? I used to have those before...
Thanks.

Oben
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines