
There's little that inspires confidence that what is used is not actually awful; there's plenty that shows how fragile and finicky PGP implementations are, thus how awful they are. Doing things the same way for two decades combined with not taking additional precautions (like transport crypto) puts a lot of weight on a single thing. That deserves all the possible scrutiny it possibly can get.


Why would transport cryptography be in scope for package signing?

It's literally an anti-feature, because any practical environment needs to MITM and inspect the incoming package stream to enforce policy, or provide caches.

The abuse of HTTPS to "verify" content on the internet has been one of the biggest missteps.


> Why would transport cryptography be in scope for package signing?

It's not just package signatures that aren't encrypted. In addition to avoiding any MITM exploiting the implementation that verifies those signatures, there are other parts most people don't want to reveal to a random MITM.

> It's literally an anti-feature, because any practical environment needs to MITM and inspect the incoming package stream to enforce policy, or provide caches.

It's not. Most users are not in an environment where this would be a positive aspect, rather than a potential way to deny a service or invade their privacy.

In this day and age we have better methods than leaving things just plaintext. Take a look at DNS for example.


> Most users are not in an environment where this would be a positive aspect, rather than a potential way to deny a service or invade their privacy.

I think you are wildly disconnected from "most users" if you think most users care about who knows what Linux packages they're downloading, or are at risk of having that ability removed based on MITM inspection of their HTTP traffic.


I think it's the exact opposite at play here. There are many countries with millions of people, thousands of Debian(-like) users that get MITMed constantly. There are a few organisations where such MITM is useful and someone provides caching. The cons heavily outweigh the risks but you're in a privileged situation.



