[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-dev
Subject: Re: [gentoo-dev] [RFC] Using HTTPS mirrors only in thirdpartymirrors (when possible)
From: Chí-Thanh_Christopher_Nguyễn <chithanh () gentoo ! org>
Date: 2019-09-30 20:30:16
Message-ID: 33ed4b48-1791-10bd-a7da-4559f9713d87 () gentoo ! org
[Download RAW message or body]
Michał Górny schrieb:
> Many 'FTP' hosts belong to different tiers. There's a major difference
> between knowing that a user is fetching *something* from big mirror of
> everything, and knowing the exact precise thing being fetched. It may
> mean knowing that the user is fetching vulnerable package (for whatever
> reason).
As Portage uses one connection per file, which exact file was downloaded can
still be inferred from the amount of transferred data (to a degree).
I agree that it is a step forward though, however small it is.
Best regards,
Chí-Thanh Christopher Nguyễn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic