On 2/19/2016 5:48 AM, Devrim GÜNDÜZ wrote:
>
> Hi,
>
> On Fri, 2016-02-19 at 02:03 -0400, Michael Gauthier wrote:
>> The instructions on http://yum.postgresql.org/howtoyum.php for
>> installing the PostgreSQL YUM repository are insecure.
>>
>> You are asking people to download and install the repo RPM package over
>> HTTP. A MITM attack could serve an arbitrary RPM and trick users into
>> installing arbitrary software.
>
> Thanks for the heads up. I updated the links on that page, so that they point
> to https://download.postgresql.org . Does it work for you?
>
> Please let us know if you see more issues with this.
>
> Regards,
>
Hi Devrim,
Thanks for the quick update to use HTTPS! This is indeed much better
than before and works for me.
Cheers,
Mike