15 May
2015
15 May
'15
9:49 p.m.
On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote:
What are the plans for the CentOS repos with respect to authentication and https everywhere? At the moment it is a trivial exercise to perform a MTM attack during a yum update over http.
Since the packages themselves are signed, what risk are you concerned about?
--
Matthew Miller
mattdm@fedoraproject.org
Fedora Project Leader