:: Re: [DNG] [corsac@debian.org: [SECU…
Inizio della pagina
Delete this message
Reply to this message
Autore: Florian Zieboll
Data:  
To: dng
Oggetto: Re: [DNG] [corsac@debian.org: [SECURITY] [DSA 4371-1] apt security update]
Am 23. Januar 2019 23:54:10 MEZ schrieb KatolaZ <katolaz@???>:

> No Florian, there is no "not-redirecting" repository in Devuan. Any
> Devuan repo will redirect to the corresponding Debian repo for all the
> packages that have not been forked by Debian, so you can't set
> AllowRedirect to false.
>
> The safest way is to manually download apt from the Debian pool, as
> explained in the email I forwarded. Or, if you trust Devuan, to use
> pkgmaster.devuan.org in your sources.list (that one is the master
> Devuan repo, and is on a machine to which only a reduced number of
> core developers have access), do the update, and then put back
> deb.devuan.org.
>
> HTH
>
> KatolaZ



Hallo Katolaz,

thanks for the quick clarification, I was just about to type a follow up message. Do IIUC that without tls it is still possible to mount a MITM attack?

Florian

--

[message sent mobile]