Is a MITM attack possible for my apt repo?

Çağlar Arlı

OS is Debian. Imagine I have my own apt repo set up inside a private network.

This repo is set up to provide a single package to other servers on this network.

I can easily create a signing key for my repo, but this scenario got me thinking: As far as I understand, the key is needed so that whatever system downloads the package knows the package wasn't tampered with.

Could a MITM attack happen between a server and my repo? If so, how would that happen? Seems impossible since both the repo and the server are inside a private network, but I would like to understand this better.