"Linux Mint Blog" Not HTTPS

eatenimpinia · Post by **eatenimpinia** » Tue Oct 18, 2016 10:24 am

Not sure if this is the right place, but even though this forum and the main Linux Mint web site are now all HTTPS, for some reason, the Linux Mint Blog is not. Any particular reason?

http://blog.linuxmint.com/

Post by **xenopeek** » Tue Oct 18, 2016 1:32 pm

HTTPS works but it breaks the theme of the website. I think this one is still on the todo list. Like all our websites, it is protected from malware and attacks by Sucuri though.

niubboxp · Post by **niubboxp** » Wed Oct 19, 2016 9:12 am

The repositories should be in https, i think this is a security breach more important than blogs, man in the middle is so bad things, imagine if someone will redirect a kernel update with a malicious one and so

Post by **xenopeek** » Wed Oct 19, 2016 11:52 am

niubboxp wrote:The repositories should be in https, i think this is a security breach more important than blogs, man in the middle is so bad things, imagine if someone will redirect a kernel update with a malicious one and so

https for the repositories is not really relevant. All the packages and updates are cryptographically signed by the developers and before any package or update is installed it is verified to originate from the developers and to not have been tampered with.

https is relevant to keep transmitted data private, after establishing a connection to a URL. As such whether you use http or https, anybody snooping on your connection can see which package or update you are retrieving as the URL itself is transmitted in clear text.

Linux Mint Forums

"Linux Mint Blog" Not HTTPS

"Linux Mint Blog" Not HTTPS

Re: "Linux Mint Blog" Not HTTPS

Re: "Linux Mint Blog" Not HTTPS

Re: "Linux Mint Blog" Not HTTPS