- Type: Bug
- Resolution: Won't Fix
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- Labels:
- Environment:
*Location*: https://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat/
*User-Agent*: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36
*Screen Resolution*: 1920 x 1080
*repo*: docs
*source*: tutorial/install-mongodb-on-red-hat
The official MongoDB guide suggests that I add a `.repo` with `gpgcheck=0` over the HTTP protocol. I'm getting the feeling that this is a very insecure setup - I am worried about exposing myself to MiTM attacks this way every time I try to update my system within an untrusted network. Is this actually possible or are there any security mechanisms that I'm not aware of that would protect me from that? If not, is there any way to make this `.repo` setup more secure without relying on my OS's old packages or compiling the program from scratch?
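
A check for the two settings the report names (a repository URL over HTTP and `gpgcheck=0`), as an added example that is not part of the original ticket or of MongoDB's documentation. Both stanzas are constructed; the host name, key URL and finding labels are placeholders chosen for illustration.

```python
import configparser

# Constructed samples; host names and the key URL are placeholders.
WEAK = """\
[mongodb-org]
name=MongoDB Repository
baseurl=http://repo.example.invalid/yum/redhat/$releasever/x86_64/
gpgcheck=0
enabled=1
"""

HARDENED = """\
[mongodb-org]
name=MongoDB Repository
baseurl=https://repo.example.invalid/yum/redhat/$releasever/x86_64/
gpgcheck=1
gpgkey=https://repo.example.invalid/keys/PLACEHOLDER.asc
enabled=1
"""

TRUE_VALUES = {"1", "true", "yes"}
PLAINTEXT = ("http://", "ftp://")

def _urls(sec, *keys):
    """Collect whitespace-separated URLs from the given options."""
    return " ".join(sec.get(k, "") for k in keys).lower().split()

def audit_repo(text):
    """Return sorted (repo id, finding) pairs for the enabled repos in .repo text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = set()
    for repo_id in cp.sections():
        sec = cp[repo_id]
        if sec.get("enabled", "1").strip().lower() not in TRUE_VALUES:
            continue  # disabled repos are not fetched
        if any(u.startswith(PLAINTEXT) for u in _urls(sec, "baseurl", "mirrorlist", "metalink")):
            findings.add((repo_id, "plaintext-url"))  # metadata and packages can be altered in transit
        gpgcheck = sec.get("gpgcheck")
        if gpgcheck is None:
            findings.add((repo_id, "gpgcheck-unset"))  # falls back to the main yum/dnf config
        elif gpgcheck.strip().lower() not in TRUE_VALUES:
            findings.add((repo_id, "gpgcheck-off"))  # package signatures are not verified
        if any(u.startswith(PLAINTEXT) for u in _urls(sec, "gpgkey")):
            findings.add((repo_id, "gpgkey-plaintext"))  # key itself fetched without TLS
    return sorted(findings)

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_repo(text))
```

To audit a host, pass the contents of each file under `/etc/yum.repos.d/` to `audit_repo`.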