svn commit: r464037 - head/irc/znc
Kurt Jaeger
pi at FreeBSD.org
Sun Mar 11 14:05:34 UTC 2018
Hi!
> On Fri, Mar 09, 2018 at 05:58:31PM -0800, Bryan Drewery wrote:
> > This is a note in general, not specifically at you. But https for
> > distfiles only achieves 2 things: 1. Privacy against someone snooping
> > that you are downloading ZNC (is it really that important?) but still
> > can see your DNS and connections to the ZNC site... and 2. It breaks
> > proxy caching. So I don't think MASTER_SITES should be converted to
> > https in general. There's this odd push for it lately but I don't see
> > the benefit.
>
> Big +1 (HTTPS for distfiles is somewhat of a PITA for me as well). Can
> we please go back to plain good HTTP? SHA256 provides enough assurance
> against intermittent tampering with the distfiles.
Has anyone really done a review of where things can go wrong if the
distfiles are accessed using HTTP-only ?
https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/
Until that is the case, HTTPS is at least a little safer than HTTP.
--
pi at FreeBSD.org +49 171 3101372 2 years to go !
More information about the svn-ports-head
mailing list