[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] [RFC] Using HTTPS mirrors only in thirdpartymirrors (when possible)
From:       Chí-Thanh_Christopher_Nguyễn <chithanh () gentoo ! org>
Date:       2019-09-30 20:30:16
Message-ID: 33ed4b48-1791-10bd-a7da-4559f9713d87 () gentoo ! org
[Download RAW message or body]

Michał Górny schrieb:

> Many 'FTP' hosts belong to different tiers.  There's a major difference
> between knowing that a user is fetching *something* from big mirror of
> everything, and knowing the exact precise thing being fetched.  It may
> mean knowing that the user is fetching vulnerable package (for whatever
> reason).

As Portage uses one connection per file, which exact file was downloaded can
still be inferred from the amount of transferred data (to a degree).

I agree that it is a step forward though, however small it is.


Best regards,
Chí-Thanh Christopher Nguyễn

[prev in list] [next in list] [prev in thread] [next in thread]