undefined | Better HN

0 pointsBeefWellington3y ago0 comments

    I think even now you can find Linux distros preferring to ship their data over HTTP with GPG-keys recommended for the security.

This isn't really to solve the same problem though. The GPG key thing is so you can use mirrors for hosting that are distributed but still trust the package came from the real source. TLS termination of where the packages are retrieved is separate.

0 comments

CHY8723y ago

Yes, the gpg piece provides that functionality nicely. However, it’s exceedingly common for the mirrors to not be provided over TLS for cost reasons. Netflix switched to serving video over TLS for no other reason than to promote the usage of TLS (after a lot of custom engineering (pki on cpu, crypto on nic iirc?) to reduce the overheads of doing this.

j / k navigate · click thread line to collapse

0 comments

CHY8723y ago

j / k navigate · click thread line to collapse