[PVE-User] HTTPS for download.proxmox.com
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Nov 30 16:44:22 CET 2017
> Francesco Ongaro <francesco.ongaro at isgroup.it> hat am 30. November 2017 um 16:34 geschrieben:
>
>
> On 30/11/2017 15:11, lemonnierk at ulrar.net wrote:
> > This is dumb. I agree that it wouldn't cost them anything to setup
> > HTTPS, but I also agree that it is useless. The packages are signed and
> > apt already checks the signature, HTTPS wouldn'd add anything at all.
> >
> > Unless you want to hide the fact that you are installing proxmox itself,
> > but the connection to proxmox's repo itself gives that away.
>
> You are right until you install something manually using dpkg.
>
> Example:
>
> http://download.proxmox.com/temp/pve-kernel-4.13.4-1-pve_4.13.4-26~vmxtest1_amd64.deb
>
for which I posted the hash sums on the channel where it was linked (the forum[1]), which is - surprise - only available over TLS ;) this thread is starting to get ridiculous..
1: https://forum.proxmox.com/threads/pve-5-1-kvm-broken-on-old-cpus.37666/#post-185463
More information about the pve-user
mailing list