Drew DeVault via plug on 21 Sep 2019 18:56:36 -0700



Re: [PLUG] The lock down?! Uhh.. why?


On Fri Sep 20, 2019 at 3:21 PM prushik--- via plug wrote:
> This assumes that each file is downloaded in a separate connection,
> which I doubt is the case. Popularity of HTTP 1.1 is probably in part
> due to the fact that it fixes this, making TLS more secure and
> mitigating the performance overhead.

Even with HTTP 1.1, I'm sure timing attacks are trivial for separating
out the individual requests. It would be more difficult with HTTP 2 but
I think we're still several years out from seeing broad adoption across
mirrors.

Other distros don't have a herd of starry-eyed programmers implementing
every RFC they can get their grubby hands on, either. Outside of Debian
I would be surprised to see HTTP 1.1 persistent connections being used.
My distro of choice, Alpine Linux, definitely does not use them. A quick
survey of pacman shows that it shells out to curl for every request,
which is convenient because you can replace curl with an arbitrary
command to fetch over some other transport.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug