The config for the pkg server is in /etc/pkg/FreeBSD.conf;
we should switch to the more secure HTTPS protocol by default:
Created attachment 188821
This will mean everything will fail to bootstrap because there is no root CA.
The root CA is installed by pkg: chicken-and-egg problem.
How would it be more secure here, given that everything is signed, i.e. all you get would be verified?
Packages are individually signed. I don't think it matters, as long as the indices and stuff pkg(1) trusts are also signed. The only real protection is that ISPs could not tell what packages were being fetched; except, this isn't even true, as they can correlate transfer sizes.
(In reply to Conrad Meyer from comment #3)
> I don't think it matters
(In reply to Baptiste Daroussin from comment #2)
Good point about the "chicken-and-egg problem". This needs to be resolved at some time. Not short term, but mid term. I want a system which is secure from the beginning, right after installation.
Again, from what has been said above, can you state what is insecure in the process, given the signatures?
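Since the thread turns on which layer provides integrity, here is an added example (my own, not pkg(8)'s code and not the attachment on this bug) that writes two constructed repo definitions modelled on the shipped FreeBSD.conf format, one plain http and one https, both keeping signature_type: "fingerprints", and runs a small preflight that reproduces the bootstrap failure described in comment #2: an https repo cannot be fetched until a CA bundle is present on the box. The CA bundle path and the helper names (write_sample_confs, repo_url, needs_tls, bootstrap_preflight) are assumptions of this example.

```shell
#!/bin/sh
# Added example for this bug thread (not pkg(8) code, not the attachment):
# two constructed repo definitions modelled on the shipped FreeBSD.conf format,
# plus a preflight check for the "no root CA until pkg installs it" problem.
# Assumptions: the CA bundle path below is where the ca_root_nss package
# installs it, and the helper names are this example's own.
set -u

# Write the two variants into directory $1 (sample config, constructed here).
write_sample_confs() {
    # Shipped form: plain http, integrity comes from signature_type/fingerprints.
    cat > "$1/FreeBSD-http.conf" <<'EOF'
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
EOF
    # Proposed form: same signing, transport moved to TLS.
    cat > "$1/FreeBSD-https.conf" <<'EOF'
FreeBSD: {
  url: "pkg+https://pkg.FreeBSD.org/${ABI}/quarterly",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
EOF
}

# Print the first url: value of a repo config (enough for this one-line form).
repo_url() {
    sed -n 's/^[[:space:]]*url:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# True when the repo URL needs a working TLS trust store to be fetched.
needs_tls() {
    case "$(repo_url "$1")" in
        https://*|pkg+https://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Preflight for "pkg bootstrap": an https repo is unusable until a CA bundle
# exists, and on the systems in this thread that bundle is itself a package.
# $1 = repo config, $2 = CA bundle path (default: ca_root_nss location, assumed).
bootstrap_preflight() {
    if needs_tls "$1" && [ ! -r "${2:-/usr/local/share/certs/ca-root-nss.crt}" ]; then
        echo "$1: https repo but no readable CA bundle; bootstrap would fail" >&2
        return 1
    fi
    return 0
}

# Demo on a throwaway directory with no CA bundle present.
demo_dir=$(mktemp -d)
write_sample_confs "$demo_dir"
for conf in "$demo_dir/FreeBSD-http.conf" "$demo_dir/FreeBSD-https.conf"; do
    if bootstrap_preflight "$conf" "$demo_dir/ca-root-nss.crt"; then
        echo "$conf: ok ($(repo_url "$conf"))"
    fi
done
rm -rf "$demo_dir"
```

Run on a directory without a bundle, only the http variant passes; the https variant is rejected before any fetch is attempted, which is exactly the chicken-and-egg case. In both variants the fingerprints directory is what the catalog signature is checked against, so moving to HTTPS changes what the transport hides, not what pkg verifies.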