[PVE-User] HTTPS for download.proxmox.com

lemonnierk at ulrar.net lemonnierk at ulrar.net
Thu Nov 30 15:11:41 CET 2017


This is dumb. I agree that it wouldn't cost them anything to setup
HTTPS, but I also agree that it is useless. The packages are signed and
apt already checks the signature, HTTPS wouldn'd add anything at all.

Unless you want to hide the fact that you are installing proxmox itself,
but the connection to proxmox's repo itself gives that away.

On Thu, Nov 30, 2017 at 03:01:53PM +0100, John Crisp wrote:
> On 30/11/17 14:34, Dietmar Maurer wrote:
> >> On 11/30/2017 02:21 PM, Dietmar Maurer wrote:
> >>>> I greatly respect the work you do on Proxmox but this specific response
> >>>> is under your habitual standards from a security standpoint.
> >>>
> >>> Exactly. That is why we provide the enterprise repository.
> >>
> >> IMHO the times where security and confidentiality (https) are limited to 
> >> enterprise/paid services are long gone.  As the OP noted, https comes at 
> >> no cost and there is no reason not to have it configured.  I'd even say, 
> >> that https is mandatory for every site publishing more than just 
> >> personal statements.
> > 
> > Again, please use the enterprise repository if you want https.
> > 
> 
> <shakes head in disbelief>
> 




> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20171130/7ef1d83d/attachment-0001.sig>


More information about the pve-user mailing list