[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Update users.txt to HTTPS

From: Tim Ruehsen
Subject: Re: [PATCH] Update users.txt to HTTPS
Date: Thu, 16 Feb 2017 15:10:26 +0100
User-agent: KMail/5.2.3 (Linux/4.9.0-1-amd64; KDE/5.28.0; x86_64; ; )

On Thursday, February 16, 2017 1:46:56 PM CET Bruno Haible wrote:
> Tim Ruehsen wrote:
> > I updated the links in users.txt to HTTPS where possible (manually
> > checked). For outdated links I tried to find the current valid links.
> Thanks a lot! I've applied it in your name. The rationale, for me, is that
> http and ftp are vulnerable to man-in-the-middle attacks [1].
> Bruno
> [1] https://lists.gnu.org/archive/html/bug-gnulib/2017-01/msg00102.html

Thanks, and yes, MITM active and passive (reading content) attacks are my 
rationale as well.

It is pretty bad, that many announcements[1] still point to our ftp and http 
sites. How many downloaders check the signatures manually ? 1% ?

Am I the only maintainer using HTTPS (for wget announcements) ?
I already thought about dropping the reference to http://ftpmirror.gnu.org/.
There is no HTTPS pendant.

[1] http://lists.gnu.org/archive/html/info-gnu/2017-02/index.html

Regards, Tim

Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]