[PVE-User] HTTPS for download.proxmox.com
frank.thommen at uni-heidelberg.de
Thu Nov 30 15:45:19 CET 2017
On 11/30/2017 03:11 PM, lemonnierk at ulrar.net wrote:
> This is dumb. I agree that it wouldn't cost them anything to setup
> HTTPS, but I also agree that it is useless. The packages are signed and
> apt already checks the signature, HTTPS wouldn'd add anything at all.
Not true: It gives you the certainty to be connected to the "real"
proxmox page and not a fake page, e.g. by being redirected through a
hacked nameserver or local resolver.
And afaik, those using the community version don't have access to the
> Unless you want to hide the fact that you are installing proxmox itself,
> but the connection to proxmox's repo itself gives that away.
> On Thu, Nov 30, 2017 at 03:01:53PM +0100, John Crisp wrote:
>> On 30/11/17 14:34, Dietmar Maurer wrote:
>>>> On 11/30/2017 02:21 PM, Dietmar Maurer wrote:
>>>>>> I greatly respect the work you do on Proxmox but this specific response
>>>>>> is under your habitual standards from a security standpoint.
>>>>> Exactly. That is why we provide the enterprise repository.
>>>> IMHO the times where security and confidentiality (https) are limited to
>>>> enterprise/paid services are long gone. As the OP noted, https comes at
>>>> no cost and there is no reason not to have it configured. I'd even say,
>>>> that https is mandatory for every site publishing more than just
>>>> personal statements.
>>> Again, please use the enterprise repository if you want https.
>> <shakes head in disbelief>
>> pve-user mailing list
>> pve-user at pve.proxmox.com
> pve-user mailing list
> pve-user at pve.proxmox.com
Frank Thommen | HD-HuB / DKFZ Heidelberg
| frank.thommen at uni-heidelberg.de
| MMK: +49-6221-54-3637 (Mo-Mi, Fr)
| IPMB: +49-6221-54-5823 (Do)
More information about the pve-user