On Fri, May 15, 2015 at 03:44:39PM -0400, James B. Byrne wrote: > What are the plans for the CentOS repos with respect to authentication > and https everywhere? At the moment it is a trivial exercise to > perform a MTM attack during a yum update over http. Since the packages themselves are signed, what risk are you concerned about? -- Matthew Miller <mattdm at fedoraproject.org> Fedora Project Leader