I am! Even a security update itself is via http. Exactly why is that though?
Pjotr wrote: ⤴Tue May 30, 2023 4:26 am Oh that, haha. Well, run this command and you're probably in for a shock:
cat /etc/apt/sources.list.d/official-package-repositories.list
From what little I understand about HTTPS, it's very easy for anyone to set it up and get a certificate, so a site being HTTPS doesn't mean it's definitely legitimate. HTTPS apparently doesn't quite mean as much as it's portrayed. Also, I assume the page is more about text and not about submitting sensitive information, for example, thus it wouldn't really matter if things are encrypted or not. I'd welcome a correction though, as this ain't my area.
red-striped-zebra wrote: ⤴Tue May 30, 2023 1:54 am cause you posted an http (not secure) link to the Ubuntu changelogs, in the second post.
Packages are digitally signed with GPG. It's a fairly solid system, as I understand it. You can use HTTPS, provided the mirror supports it, but I don't think it's necessary.
red-striped-zebra wrote: ⤴Tue May 30, 2023 5:25 am Even a security update itself is via http. Exactly why is that though?
If you're referring to its age, it's still supported until April 2025 (cit).
stevengarland wrote: ⤴Wed May 31, 2023 10:12 am The rest of the question is why are you using Mint 20.3?
Goodness me, you people!
Because it runs as smooth as a pro-skater on an ice-rink. <3
stevengarland wrote: ⤴Tue May 30, 2023 5:59 am The rest of the question is why are you using Mint 20.3?
Reads like a nerd defending nerdism. You must be a techie and love tinkering around with security(!).
Termy wrote: ⤴Tue May 30, 2023 5:59 am From what little I understand about HTTPS, it's very easy for anyone to set it up and get a certificate, so a site being HTTPS doesn't mean it's definitely legitimate. HTTPS apparently doesn't quite mean as much as it's portrayed.
...
packages are digitally signed with GPG. It's a fairly solid system, as I understand it. You can use HTTPS, provided the mirror supports it, but I don't think it's necessary.
I'm not sure my character or how I spend my time is at all relevant to whether HTTP is acceptable or not, nor why you seemed to dismiss what I'm fairly sure is a viable answer to your question. I'll reword: APT is in all likelihood acceptable with HTTP mirrors, because packages are cryptographically signed. You can use HTTPS mirrors, if you want and if the mirror (AKA: server) supports it, just as you can choose to install a different browser.
red-striped-zebra wrote: ⤴Thu Jun 01, 2023 8:02 am Reads like a nerd defending nerdism. You must be a techie and love tinkering around with security(!).
For the rest of us though, if some technology is outdated and the whole world has moved on to the newer one, we would; plus anyone can set it up as you say, then one would think that an important OS like Ubuntu should have by now.
+1
Termy wrote: ⤴Thu Jun 01, 2023 5:32 pm I'm not sure my character or how I spend my time is at all relevant to whether HTTP is acceptable or not, nor why you seemed to dismiss what I'm fairly sure is a viable answer to your question. I'll reword: APT is in all likelihood acceptable with HTTP mirrors, because packages are cryptographically signed. You can use HTTPS mirrors, if you want and if the mirror (AKA: server) supports it, just as you can choose to install a different browser.
red-striped-zebra wrote: ⤴Thu Jun 01, 2023 8:02 am Reads like a nerd defending nerdism. You must be a techie and love tinkering around with security(!).
For the rest of us though, if some technology is outdated and the whole world has moved on to the newer one, we would; plus anyone can set it up as you say, then one would think that an important OS like Ubuntu should have by now.
If by HTTP being outdated you mean that it's no longer relevant, then I'm almost certain that's incorrect, but a simple trip to your search engine of choice would probably lead to more concrete answers. I would argue that HTTP is a perfectly acceptable protocol where appropriate, just as pedal bikes are perfectly acceptable modes of transport, despite buses and trains being available.
Lastly, before I head off, please remember that not understanding what someone is saying, does not require that they are wrong or that you are right; in fact, I think this comes under something called confirmation bias, since you're dismissing an opposing view, not considering all of the facts, and only paying attention to that which supports your view.
Oh, please don't be offended. It was meant as a tongue-in-cheek compliment, is all.
Termy wrote: ⤴Thu Jun 01, 2023 5:32 pm I'm not sure my character or how I spend my time is at all relevant to whether HTTP is acceptable or not, nor why you seemed to dismiss what I'm fairly sure is a viable answer to your question. I'll reword: APT is in all likelihood acceptable with HTTP mirrors, because packages are cryptographically signed. You can use HTTPS mirrors, if you want and if the mirror (AKA: server) supports it, just as you can choose to install a different browser.
If by HTTP being outdated you mean that it's no longer relevant, then I'm almost certain that's incorrect, but a simple trip to your search engine of choice would probably lead to more concrete answers. I would argue that HTTP is a perfectly acceptable protocol where appropriate, just as pedal bikes are perfectly acceptable modes of transport, despite buses and trains being available.
Lastly, before I head off, please remember that not understanding what someone is saying, does not require that they are wrong or that you are right; in fact, I think this comes under something called confirmation bias, since you're dismissing an opposing view, not considering all of the facts, and only paying attention to that which supports your view.