Re: [PATCH] Update users.txt to HTTPS
From: Tim Ruehsen
Subject: Re: [PATCH] Update users.txt to HTTPS
Date: Thu, 16 Feb 2017 15:10:26 +0100
User-agent: KMail/5.2.3 (Linux/4.9.0-1-amd64; KDE/5.28.0; x86_64; ; )

On Thursday, February 16, 2017 1:46:56 PM CET Bruno Haible wrote:
> Tim Ruehsen wrote:
> > I updated the links in users.txt to HTTPS where possible (manually
> > checked). For outdated links I tried to find the current valid links.
>
> Thanks a lot! I've applied it in your name. The rationale, for me, is that
> http and ftp are vulnerable to man-in-the-middle attacks [1].
>
> Bruno
>
> [1] https://lists.gnu.org/archive/html/bug-gnulib/2017-01/msg00102.html

Thanks, and yes, MITM active and passive (reading content) attacks are my
rationale as well.

It is pretty bad that many announcements[1] still point to our ftp and http
sites. How many downloaders check the signatures manually? 1%?

Am I the only maintainer using HTTPS (for wget announcements)?

I already thought about dropping the reference to http://ftpmirror.gnu.org/.
There is no HTTPS pendant.

[1] http://lists.gnu.org/archive/html/info-gnu/2017-02/index.html

Regards, Tim