Project

General

Profile

Actions
Copy link

Bug #34116

open

Manual 3.0: Debian/Ubuntu installation instructions use "http://"

Added by Dirk Heinrichs about 3 years ago. Updated about 2 years ago.

Status:
New
Priority:
High
Assignee:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

In the sources.list file, the URL should start with "https://" instead of "http://". Since the instructions for getting the signing key already use "https://" that should be possible for the packages too (and no, there's no need to install "apt-transport-https" anymore on the supported versions of Debian/Ubuntu ;-) ).

Actions
Copy link
 #1

Updated by Dirk Heinrichs almost 3 years ago

Manual for 3.2 still tells the users to use http instead of https.

Actions
Copy link
 #2

Updated by Dirk Heinrichs over 2 years ago

... and so does 3.3.

Are documentation bugs getting fixed at all in this project?

Actions
Copy link
 #3

Updated by Markus Bucher about 2 years ago

I would not necessarily call it a bug. As far as security is concerned APT repositories do not rely on the used transport-protocol.

Downloading the public-key is IMHO the only request you really need to do via HTTPS (and if you have a secure source to get the public-key's fingerprint from, even that can be done using HTTP).

If you can trust the GPG-key used to sign the repository metadata and the used checksum-algorithms then you can trust the content of the APT repository.

Actions
Copy link

Also available in: Atom PDF