Comment 29 for bug 125103

Martin Pool (mbp) wrote :

@holly

> What about Martin Pool's idea of accessing ppa through https? Would it give protection from this type of attack?

I did specifically say above that it's not a substitute for archive signing. It won't silence apt and it won't protect against all attacks.

My reasons for suggesting it are: it seems like most of the infrastructure is already in place and therefore it may be faster/easier than per-archive signing keys, and it gives some practical protection against network attacks.