[OmniOS-discuss] https://pkg.omniti.com (was: SECURITY UPDATE FOR OpenSSL & Perl; plus other fixes)

qutic development mailinglists at qutic.com
Wed Mar 2 11:41:38 UTC 2016


> Am 02.03.2016 um 12:08 schrieb Ben Summers <ben at bens.me.uk>:
> 
> This was rejected previously due to the significant additional latency of https.


Please, please do not spread myth from the last century. This is not true!
Add a proper tls-termination in front and you are good to go.

> Now that packages are signed properly, you don't need https to assure integrity of the software.


Yes signed packages are fine, but not my case. As you now your county is taking a full take - on all they can get!

> If you wish to avoid disclosing your updates to passive observers, you could use a local mirror.


Yes I could be, but that does not make the internet a better and more secure place!

- Stefan


More information about the OmniOS-discuss mailing list