Hacker News

> can we design a package distribution system that preserves privacy against nation state level actors?

That's a great question. Also, can we do it on top of the current Debian infrastructure (HTTP and everything)? Or do we need to change anything?



> Also, can we do it on top of the current Debian infrastructure (HTTP and everything)?

I'm pretty sure that is not possible, because the current infrastructure is just plain old HTTP file servers (anything that can sling bits will do) run by whoever fancies being a part of it.


If you create an onion layer like the GP proposes, I don't see any loss from it running over HTTP servers.


It already exists. It's called Tor.

But the question here was why HTTPS isn't default in apt, not why Tor isn't.


You're replying downstream of my comment containing "for me the real interesting question is:..." where I generalized the question away from the false dichotomy "keep apt as it is, or make HTTPS default in apt".



