0003150: HTTP, not HTTPS, used with apt-get update

ID	Project	Category	View Status	Date Submitted	Last Update

0003150	Kali Linux	Tool Upgrade Request	public	2016-03-16 18:16	2016-03-17 07:11

Reporter	bobmeyers	Assigned To	rhertzog
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	won't fix
Product Version	2016.1

Summary	0003150: HTTP, not HTTPS, used with apt-get update
Description	Perhaps using "apt-get update" is just a no-no with Kali. But if this is anticipated behavior, then it should use HTTPS. If it's not utterly obvious as to why, or worse, if you think that this is OK because you check the signature of all downloads, then please read the full bug description which I also submitted to Elementary OS: https://bugs.launchpad.net/elementaryos/+bug/1540147
Steps To Reproduce	Open a terminal. Do "sudo apt-get update" (actual upgrade is unnecessary but equally broken). Watch all the cute little "http" addresses float by while you expose your OS to man-in-the-middle attacks.

Date Modified	Username	Field	Change
2016-03-16 18:16	bobmeyers	New Issue
2016-03-17 07:11	rhertzog	Note Added: 0004979
2016-03-17 07:11	rhertzog	Status	new => closed
2016-03-17 07:11	rhertzog	Assigned To	=> rhertzog
2016-03-17 07:11	rhertzog	Resolution	open => won't fix
2021-05-31 13:37	rhertzog	Category	Tool Upgrade => Tool Upgrade Request

rhertzog 2016-03-17 07:11 administrator ~0004979	This is not going to be fixed by Kali. We follow the Debian best practices. If you have such fears, just use tor to download your updates...