Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Mar 2018 10:01:32 -0500
From:      Benjamin Kaduk <bjkfbsd@gmail.com>
To:        rgrimes@freebsd.org
Cc:        Edward Tomasz Napierala <trasz@freebsd.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers <src-committers@freebsd.org>
Subject:   Re: svn commit: r331618 - head/share/man/man7
Message-ID:  <CAJ5_RoCNDvr5mh7%2B0Hp44zOOjJFqATNandSbomp8nmcSTGLbgQ@mail.gmail.com>
In-Reply-To: <201803271457.w2REv6tH052497@pdx.rh.CN85.dnsmgr.net>
References:  <201803271451.w2REpJP9078197@repo.freebsd.org> <201803271457.w2REv6tH052497@pdx.rh.CN85.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Mar 27, 2018 at 9:57 AM, Rodney W. Grimes <
freebsd@pdx.rh.cn85.dnsmgr.net> wrote:

> > Author: trasz
> > Date: Tue Mar 27 14:51:19 2018
> > New Revision: 331618
> > URL: https://svnweb.freebsd.org/changeset/base/331618
> >
> > Log:
> >   Use https:// instead of http://.
> >
> >   MFC after:  2 weeks
> >
> > Modified:
> >   head/share/man/man7/development.7
> >
> > Modified: head/share/man/man7/development.7
> > ============================================================
> ==================
> > --- head/share/man/man7/development.7 Tue Mar 27 14:50:12 2018
> (r331617)
> > +++ head/share/man/man7/development.7 Tue Mar 27 14:51:19 2018
> (r331618)
> > @@ -57,7 +57,7 @@ can be found at:
> >  FreeBSD src development takes place in the CURRENT branch in Subversion,
> >  located at:
> >  .Pp
> > -.Lk http://svn.FreeBSD.org/base/head
> > +.Lk https://svn.FreeBSD.org/base/head
> >  .Pp
> >  There is also a read-only GitHub mirror at:
> >  .Pp
>
> Why do we want to run the load of TLS for what are public bits?
> And fyi a default install of FreeBSD can not use https, you have
> to install certs from ports before any of these https links
> can even work, and that can be a royal pita in some situations.
>

Many of us are used to thinking of the network as controlled by an attacker.
Running http-not-s to fetch the sources lets "the attacker" supply an
arbitrary
collection of bits under the name FreeBSD without a good way for the user to
check that the bits on their disk match what the FreeBSD Project expects
them to be.
TLS provides data integrity as well as confidentiality...

-Ben

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ5_RoCNDvr5mh7%2B0Hp44zOOjJFqATNandSbomp8nmcSTGLbgQ>