[tor-bugs] #16984 [Website]: Debian Documentation invites People to use HTTP instead of HTTPS
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Sep 5 10:00:13 UTC 2015
#16984: Debian Documentation invites People to use HTTP instead of HTTPS
-------------------------+---------------------------
Reporter: herzi | Owner: Sebastian
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Website | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+---------------------------
The [https://www.torproject.org/docs/debian.html.en installation
documentation for debian] recommends (e.g. for Debian Jessie) a sources
list entry like this:
{{{
deb http://deb.torproject.org/torproject.org jessie main
deb-src http://deb.torproject.org/torproject.org jessie main
}}}
As these packages can also be [https://deb.torproject.org/torproject.org
downloaded via HTTPS], the recommendation should use the secure protocol
to reduce the amount of information visible to a potential eavesdropper.
At DebConf15, Jacob Applebaum
[http://www.richardhartmann.de/blog/posts/2015/08/24-Tor-
enabled_Debian_mirror/ recommended to TLS-enable] all mirrors. To be
aligned with that vision, the Tor project should not recommend non-TLS
setups.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16984>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list