"Linux Mint Blog" Not HTTPS

Questions about the project and the distribution - obviously no support questions here please
Post Reply
User avatar
eatenimpinia
Level 3
Level 3
Posts: 146
Joined: Thu Sep 10, 2015 9:29 pm

"Linux Mint Blog" Not HTTPS

Post by eatenimpinia »

Not sure if this is the right place, but even though this forum and the main Linux Mint web site are now all HTTPS, for some reason, the Linux Mint Blog is not. Any particular reason?

http://blog.linuxmint.com/
Distro: (back to) Linux Mint 17.3 Rosa, Kernel: 4.4.0-51-generic x86_64 (64 bit), Desktop: Cinnamon 2.8.8

User avatar
xenopeek
Level 24
Level 24
Posts: 24276
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: "Linux Mint Blog" Not HTTPS

Post by xenopeek »

HTTPS works but it breaks the theme of the website. I think this one is still on the todo list. Like all our websites, it is protected from malware and attacks by Sucuri though.
Image

niubboxp
Level 3
Level 3
Posts: 143
Joined: Mon Aug 31, 2015 2:00 am

Re: "Linux Mint Blog" Not HTTPS

Post by niubboxp »

The repositories should be in https, i think this is a security breach more important than blogs, man in the middle is so bad things, imagine if someone will redirect a kernel update with a malicious one and so
Linux Mint 18 64bit Cinnamon

User avatar
xenopeek
Level 24
Level 24
Posts: 24276
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: "Linux Mint Blog" Not HTTPS

Post by xenopeek »

niubboxp wrote:The repositories should be in https, i think this is a security breach more important than blogs, man in the middle is so bad things, imagine if someone will redirect a kernel update with a malicious one and so
https for the repositories is not really relevant. All the packages and updates are cryptographically signed by the developers and before any package or update is installed it is verified to originate from the developers and to not have been tampered with.

https is relevant to keep transmitted data private, after establishing a connection to a URL. As such whether you use http or https, anybody snooping on your connection can see which package or update you are retrieving as the URL itself is transmitted in clear text.
Image

Post Reply

Return to “Non-technical Questions”