[PVE-User] HTTPS for download.proxmox.com

Fabian Gr├╝nbichler f.gruenbichler at proxmox.com
Thu Nov 30 16:44:22 CET 2017


> Francesco Ongaro <francesco.ongaro at isgroup.it> hat am 30. November 2017 um 16:34 geschrieben:
> 
> 
> On 30/11/2017 15:11, lemonnierk at ulrar.net wrote:
> > This is dumb. I agree that it wouldn't cost them anything to setup
> > HTTPS, but I also agree that it is useless. The packages are signed and
> > apt already checks the signature, HTTPS wouldn'd add anything at all.
> > 
> > Unless you want to hide the fact that you are installing proxmox itself,
> > but the connection to proxmox's repo itself gives that away.
> 
> You are right until you install something manually using dpkg.
> 
> Example:
> 
> http://download.proxmox.com/temp/pve-kernel-4.13.4-1-pve_4.13.4-26~vmxtest1_amd64.deb
> 

for which I posted the hash sums on the channel where it was linked (the forum[1]), which is - surprise - only available over TLS ;) this thread is starting to get ridiculous..

1: https://forum.proxmox.com/threads/pve-5-1-kvm-broken-on-old-cpus.37666/#post-185463



More information about the pve-user mailing list