Re: git: 9c59988175ff - main - bsdinstall: prefer HTTP

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Thu, 15 Feb 2024 14:55:03 UTC

On Thu, Feb 15, 2024 at 10:50:19PM +0800, Philip Paeps wrote:
> On 2024-02-15 22:40:19 (+0800), Shawn Webb wrote:
> > On Thu, Feb 15, 2024 at 10:28:53PM +0800, Philip Paeps wrote:
> > > On 2024-02-15 22:06:09 (+0800), Ronald Klop wrote:
> > > > Shouldn’t this be
> > > > 
> > > > https://download.freebsd.org/
> > > 
> > > No.
> > > 
> > > For hysterical raisins, FTP sites conventionally put FreeBSD under
> > > /pub/FreeBSD.  HTTP mirrors (including http://ftp.FreeBSD.org) have
> > > followed that convention.
> > > 
> > > http://download.FreeBSD.org is a more recent addition, and it has
> > > FreeBSD under /, not under /pub/FreeBSD.  We could teach nginx to put
> > > it under /pub/FreeBSD too, but spelling it ftp.FreeBSD.org was less work.
> > 
> > I'm curious to learn why you chose http:// rather than https://.
> 
> Because https:// only adds work.  And work is heat.
> 
> bsdinstall uses the MANIFEST to confirm integrity.
> 
> If your bsdinstall and MANIFEST are from a trustworthy source, anything
> downloaded over http:// will be trustworthy.  Just as trustworthy, in fact,
> as anything downloaded over ftp://.

There is the problem of metadata leakage, which HTTPS helps to address
(though not completely.)

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
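
The MANIFEST-based integrity check mentioned in the thread, as an added example that is not part of the original message and is not bsdinstall's own code. It assumes a tab-separated MANIFEST with the file name in the first field and its SHA-256 in the second; the remaining fields, the file names and the file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Map file name -> expected SHA-256 (assumed layout: name<TAB>sha256<TAB>...)."""
    expected = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 2 or not fields[0]:
            continue  # skip blank or malformed lines
        digest = fields[1].strip().lower()
        if len(digest) != 64 or not set(digest) <= set("0123456789abcdef"):
            raise ValueError("bad SHA-256 for %r" % fields[0])
        expected[fields[0]] = digest
    return expected

def sha256_file(path, bufsize=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_dist(manifest, path):
    """True only if the file is listed in the manifest and its digest matches."""
    want = manifest.get(os.path.basename(path))
    return want is not None and want == sha256_file(path)  # unlisted -> rejected

def demo():
    """Constructed data: an intact set, one altered in transit, one unlisted."""
    good = b"constructed stand-in for the contents of base.txz"
    line = 'base.txz\t%s\t1\tbase\t"Base system"\ton\n' % hashlib.sha256(good).hexdigest()
    manifest = parse_manifest(line)  # the MANIFEST itself must come from trusted media
    cases = (("intact", "base.txz", good), ("tampered", "base.txz", good + b"!"),
             ("unlisted", "extra.txz", good))
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for label, name, body in cases:
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(body)
            results[label] = verify_dist(manifest, path)
    return results

if __name__ == "__main__":
    print(demo())
```

The check detects altered content whatever the transport, provided the MANIFEST was obtained from a trusted source; it does nothing to hide which files a client requests.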