Re: [PATCH] Update users.txt to HTTPS

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Update users.txt to HTTPS

From:	Tim Ruehsen
Subject:	Re: [PATCH] Update users.txt to HTTPS
Date:	Thu, 16 Feb 2017 15:10:26 +0100
User-agent:	KMail/5.2.3 (Linux/4.9.0-1-amd64; KDE/5.28.0; x86_64; ; )

On Thursday, February 16, 2017 1:46:56 PM CET Bruno Haible wrote:
> Tim Ruehsen wrote:
> > I updated the links in users.txt to HTTPS where possible (manually
> > checked). For outdated links I tried to find the current valid links.
> 
> Thanks a lot! I've applied it in your name. The rationale, for me, is that
> http and ftp are vulnerable to man-in-the-middle attacks [1].
> 
> Bruno
> 
> [1] https://lists.gnu.org/archive/html/bug-gnulib/2017-01/msg00102.html

Thanks, and yes, MITM active and passive (reading content) attacks are my 
rationale as well.

It is pretty bad, that many announcements[1] still point to our ftp and http 
sites. How many downloaders check the signatures manually ? 1% ?

Am I the only maintainer using HTTPS (for wget announcements) ?
I already thought about dropping the reference to http://ftpmirror.gnu.org/.
There is no HTTPS pendant.

[1] http://lists.gnu.org/archive/html/info-gnu/2017-02/index.html

Regards, Tim

signature.asc
Description: This is a digitally signed message part.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] Update users.txt to HTTPS, Tim Ruehsen, 2017/02/16
- Re: [PATCH] Update users.txt to HTTPS, Bruno Haible, 2017/02/16
  - Re: [PATCH] Update users.txt to HTTPS, Tim Ruehsen <=

Prev by Date: Re: [PATCH] Update users.txt to HTTPS
Next by Date: libfixposix
Previous by thread: Re: [PATCH] Update users.txt to HTTPS
Next by thread: libfixposix
Index(es):
- Date
- Thread