linux
Alexander Kalinin, 2021-12-03 22:05:01

Is it dangerous to use http-mirrors of repositories on the server instead of https? Is there a risk that packages could be tampered with?

For example, if certain intruders are interested in the machine.


3 answer(s)
Melkij, 2021-12-03
@tchlgru

The question is incomplete without specifying a package manager.
For example, here is a translation of Debian's position explaining why they are in no hurry to transfer the transport layer to https.
If the package manager you are interested in also verifies downloaded packages, then the conclusion will be the same: it is safe enough.

Lynn "Coffee Man", 2021-12-03
@Lynn

Safe unless you disable GPG signature verification.
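
An added example, not part of the thread: assuming the package manager is apt, this audit flags the settings that turn signature verification off, which is the condition the answers above say makes an http mirror unsafe. It covers only one-line-style `sources.list` entries; the sample input is constructed.

```python
import re

# Options documented in apt-secure(8) / apt.conf(5) that let apt use
# repositories whose signatures cannot be verified.
INSECURE_CONF = (
    "APT::Get::AllowUnauthenticated",
    "Acquire::AllowInsecureRepositories",
    "Acquire::AllowDowngradeToInsecureRepositories",
)
# Per-source options from sources.list(5) that bypass verification.
INSECURE_SRC = ("trusted=yes", "allow-insecure=yes")

def audit_sources(text):
    """Return (line_no, uri, bad_options, is_plain_http) per risky entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(?:deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)", line)
        if not m:
            continue
        opts = (m.group(1) or "").lower().split()
        bad = [o for o in opts if o in INSECURE_SRC]
        if bad:  # an http:// entry with verification left on is not flagged
            uri = m.group(2)
            findings.append((no, uri, bad, uri.startswith("http://")))
    return findings

def audit_conf(text):
    """Return verification-disabling apt.conf options that are switched on."""
    active = "\n".join(l for l in text.splitlines()
                       if not l.lstrip().startswith(("//", "#")))
    return [name for name in INSECURE_CONF
            if re.search(re.escape(name) + r'\s+"(?:true|yes|1|on)"\s*;',
                         active, re.IGNORECASE)]

# Constructed sample input, not taken from a real host.
SAMPLE_SOURCES = """\
deb http://deb.debian.org/debian bookworm main
deb [trusted=yes] http://mirror.example.internal/debian bookworm main
deb [arch=amd64 allow-insecure=yes] https://repo.example.com/apt stable main
"""
SAMPLE_CONF = (
    'APT::Get::AllowUnauthenticated "true";\n'
    '// Acquire::AllowInsecureRepositories "true";\n'
)

if __name__ == "__main__":
    for finding in audit_sources(SAMPLE_SOURCES):
        print(finding)
    print(audit_conf(SAMPLE_CONF))
```

On a real host the inputs would be the contents of `/etc/apt/sources.list`, the files under `/etc/apt/sources.list.d/`, and the output of `apt-config dump`.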

justhostRU, 2021-12-03
@justhostRU

1. If there are such concerns, then it is better to use your own mirrors.
2. Manually verify packages before installation after downloading or building from source.
