Hi I’m quite new to suse and linux in general. Can someone please help me out with quick question. I realise package downloads are varified with GPG keys, which is great.
However, I have discovered that for each repository source I can choose in yast to access the source over https rather than http. Presumably this would make my connection to the repository source more secure.
My question is, if I choose to access the rep source with http, will that simply enhance the security I already have with the GPG keys, or would I then be using https (SSL) instead of GPG keys when downloading packages?
The two are separate issues. Keys are used to verify that the publisher is who they claim to be, whether you are using http or https. https is used to prevent parties in between from seeing your traffic. If you are worried that your ISP might learn something from the packages you install, then https is for you. Otherwise just relax.
Thanks for that. I was hoping that was case. Yeah I do need to relax. Not worried about isp seeing info, was worried of possibility of third party throwing in malware as I download if connection not secure.