Wednesday, July 17, 2019

Why Does APT Not Use HTTPS?

Chris Lamb (via Hacker News):

Accessing mirrors over HTTPS would not prevent a compromised mirror tampering with packages, so APT already has other mechanisms to guard against this.

Also, HTTPS would not stop a determined attacker deducing which apt packages your system was downloading (though this becomes more difficult).


A switch to HTTPS would also mean you could not take advantage of local proxy servers for speeding up access and would additionally prohibit many kinds of peer-to-peer mirroring where files are stored on servers not controlled directly by your distribution. This would disproportionately affect users in remote locales.


3 Comments RSS · Twitter


Forgot to mention that switch to https would have prevented the very nasty APT security flaw discover sooner this year…

You know, the kind of security flaw that permit an attacker to remotely execute arbitrary code with high privilege on target machine:

That only should be a reason to use https and not https.

A few months ago I was having a really hard time using apt successfully my home Ubuntu servers. The issue turned out to be my ISP, Comcast. Because I am frequently over the data cap, they insert warnings into my http traffic (they usually surface as an annoying popover in my browser.) It never occurred to me that this annoyance would also wreak havoc with my apt updates. Sure enough, as soon as I switched the mirrors over to https, my issues disappeared.

This is a textbook example where perfect is the enemy of good

Leave a Comment