Re: pkgsrc binary packages security with pkgin

[Greg Troxel <gdt%lexort.com@localhost>]

Johnny Billquist <bqt%update.uu.se@localhost> writes:

> On 2020-01-31 15:02, Greg Troxel wrote:
>> The other thing https gives you is hiding the names of the packages you
>> download from passive eavesdroppers on the network bewteen your computer
>> and the TNF server.  One such possible eavesdropper is your ISP.  This
>> is part of the "https everyhwere" push; there is no reason to expose the
>> list of requested resources to passive eavesdroppers.
>
> At which point you probably should be loosing sleep because the ISP
> can still see where you connect to.

This is getting off topic, but exposing the set of IP addresses to which
you make requests is much less than also exposing the URLs and their
content.   It seems you don't care, but that doesn't mean it doesn't
matter.