[PVE-User] HTTPS for download.proxmox.com
Francesco Ongaro
francesco.ongaro at isgroup.it
Thu Nov 30 18:12:13 CET 2017
On 30/11/2017 16:44, Fabian Grünbichler wrote:
>> Francesco Ongaro <francesco.ongaro at isgroup.it> hat am 30. November 2017 um 16:34 geschrieben:
>> You are right until you install something manually using dpkg.
>>
>> Example:
>>
>> http://download.proxmox.com/temp/pve-kernel-4.13.4-1-pve_4.13.4-26~vmxtest1_amd64.deb
>
> for which I posted the hash sums on the channel where it was linked (the forum[1]), which is - surprise - only available over TLS ;) this thread is starting to get ridiculous..
>
> 1: https://forum.proxmox.com/threads/pve-5-1-kvm-broken-on-old-cpus.37666/#post-185463
Hi Fabian,
I think that good security is implemented by overlapping multiple
controls while keeping the workflow simple and convenient for end
users.
When the cost is low it's often a no-brainer to implement a security
control.
Checking hashes manually is certainly doable, maybe not that convenient.
Sorry to sound ridiculous to you[1], my opinion is that being able to
communicate in a professional way is a nice skill to cultivate.
Best regards,
Francesco
[1] https://wiki.debian.org/SummerOfCode2013/StudentApplications/FabianG
"I am an advocat of free and open source software as well as meaningful
security solutions for everyone (such as accessable encrypted
communication methods and secure information storage)."
--
Francesco Ongaro, Senior Security Researcher
ISGroup: Information Security Group (www.isgroup.it)
Tel (+39) 045 4853232
Fax (+39) 045 5111719
Voicemail (+39) 02 320624653
AVVISO PRIVACY
Il contenuto della presente e-mail ed i suoi allegati, sono diretti
esclusivamente al destinatario e devono ritenersi riservati, con
divieto di diffusione o di uso non conforme alle finalità per le quali
la presente e-mail è stata inviata.
Pertanto, ne è vietata la diffusione e la comunicazione da parte di
soggetti diversi dal destinatario, ai sensi degli artt. 616 e ss. c.p.
e D.lgs n. 196/03 Codice Privacy.
Se la presente e-mail ed i suoi allegati sono stati ricevuti per
errore, siete pregati di distruggere quanto ricevuto e di informare il
mittente al seguente recapito: isgroup at isgroup.it
More information about the pve-user
mailing list