[PVE-User] HTTPS for download.proxmox.com

Francesco Ongaro francesco.ongaro at isgroup.it
Thu Nov 30 18:12:13 CET 2017

On 30/11/2017 16:44, Fabian Grünbichler wrote:
>> Francesco Ongaro <francesco.ongaro at isgroup.it> hat am 30. November 2017 um 16:34 geschrieben:
>> You are right until you install something manually using dpkg.
>> Example:
>> http://download.proxmox.com/temp/pve-kernel-4.13.4-1-pve_4.13.4-26~vmxtest1_amd64.deb
> for which I posted the hash sums on the channel where it was linked (the forum[1]), which is - surprise - only available over TLS ;) this thread is starting to get ridiculous..
> 1: https://forum.proxmox.com/threads/pve-5-1-kvm-broken-on-old-cpus.37666/#post-185463

Hi Fabian,

I think that good security is implemented by overlapping multiple
controls while keeping the workflow simple and convenient for end

When the cost is low it's often a no-brainer to implement a security

Checking hashes manually is certainly doable, maybe not that convenient.

Sorry to sound ridiculous to you[1], my opinion is that being able to
communicate in a professional way is a nice skill to cultivate.

Best regards,

[1] https://wiki.debian.org/SummerOfCode2013/StudentApplications/FabianG

"I am an advocat of free and open source software as well as meaningful
security solutions for everyone (such as accessable encrypted
communication methods and secure information storage)."

Francesco Ongaro, Senior Security Researcher
ISGroup: Information Security Group (www.isgroup.it)
Tel       (+39) 045 4853232
Fax       (+39) 045 5111719
Voicemail (+39) 02 320624653


Il contenuto della presente e-mail ed i suoi allegati, sono diretti
esclusivamente al destinatario e devono ritenersi riservati, con
divieto di diffusione o di uso non conforme alle finalità per le quali
la presente e-mail è stata inviata.

Pertanto, ne è vietata la diffusione e la comunicazione da parte di
soggetti diversi dal destinatario, ai sensi degli artt. 616 e ss. c.p.
e D.lgs n. 196/03 Codice Privacy.

Se la presente e-mail ed i suoi allegati sono stati ricevuti per
errore, siete pregati di distruggere quanto ricevuto e di informare il
mittente al seguente recapito: isgroup at isgroup.it

More information about the pve-user mailing list