Re: pkgsrc vs. https-only master sites

To: Thomas Klausner <wiz%NetBSD.org@localhost>
Subject: Re: pkgsrc vs. https-only master sites
From: Taylor R Campbell <campbell+netbsd-tech-pkg%mumble.net@localhost>
Date: Mon, 23 Feb 2015 15:28:32 +0000

   Date: Mon, 23 Feb 2015 15:24:59 +0100
   From: Thomas Klausner <wiz%NetBSD.org@localhost>

   The next question is how useful ssl support is without a certificate
   chain... but we can postpone that discussion.

We don't rely on the CA protection racket for integrity -- that's what
distfiles are for.  We can't plausibly rely on TLS for confidentiality
-- the pattern of remote hosts reached by pkgsrc is surely too
predictable to hide the fact that one is using pkgsrc.  So it's really
just a more complex transport layer, for our purposes.

Is there a lighter-weight TLS stack we can use than OpenSSL?  axtls?

References:
- Re: pkgsrc vs. https-only master sites
  - From: Thomas Klausner

Prev by Date: Re: pkgsrc vs. https-only master sites
Next by Date: Re: pkgsrc vs. https-only master sites
Previous by Thread: Re: pkgsrc vs. https-only master sites
Next by Thread: Re: pkgsrc vs. https-only master sites
Indexes:

Home | Main Index | Thread Index | Old Index