Date: Thu, 15 Feb 2024 14:55:03 +0000
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Philip Paeps <philip@freebsd.org>
Cc: Ronald Klop <ronald-lists@klop.ws>, dev-commits-src-main@freebsd.org, src-committers@freebsd.org, dev-commits-src-all@freebsd.org
Subject: Re: git: 9c59988175ff - main - bsdinstall: prefer HTTP
Message-ID: <l4554bcbxule5u4s43qlc6mn7bgcqhaeqkpjrmro7l5txmpfcx@jvwcfmagk7jx>
In-Reply-To: <4A6EC239-4B9B-442C-ACFB-8F99A951630A@freebsd.org>
References: <901819076.6938.1708005969197@localhost> <7B54789B-90DD-4A85-8E2B-84E13DAE54B5@freebsd.org> <mn7f4ehfdeg6xwwxmwy44lj5zvhjl6cjucc4pbbqorlzxbgeup@qb7s4gerhpcr> <4A6EC239-4B9B-442C-ACFB-8F99A951630A@freebsd.org>

On Thu, Feb 15, 2024 at 10:50:19PM +0800, Philip Paeps wrote:
> On 2024-02-15 22:40:19 (+0800), Shawn Webb wrote:
> > On Thu, Feb 15, 2024 at 10:28:53PM +0800, Philip Paeps wrote:
> > > On 2024-02-15 22:06:09 (+0800), Ronald Klop wrote:
> > > > Shouldn’t this be
> > > >
> > > > https://download.freebsd.org/
> > >
> > > No.
> > >
> > > For hysterical raisins, FTP sites conventionally put FreeBSD under
> > > /pub/FreeBSD.  HTTP mirrors (including http://ftp.FreeBSD.org) have
> > > followed that convention.
> > >
> > > http://download.FreeBSD.org is a more recent addition, and it has
> > > FreeBSD under /, not under /pub/FreeBSD.  We could teach nginx to
> > > put it under /pub/FreeBSD too, but spelling it ftp.FreeBSD.org was
> > > less work.
> >
> > I'm curious to learn why you chose http:// rather than https://.
>
> Because https:// only adds work.  And work is heat.
>
> bsdinstall uses the MANIFEST to confirm integrity.
>
> If your bsdinstall and MANIFEST are from a trustworthy source, anything
> downloaded over http:// will be trustworthy.  Just as trustworthy, in fact,
> as anything downloaded over ftp://.

There is the problem of metadata leakage, which HTTPS helps to address
(though not completely.)

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
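
Added example (not part of the original message and not bsdinstall's own code): a Python sketch of the MANIFEST integrity check discussed in the thread, showing that a locally trusted MANIFEST catches in-transit tampering over plain HTTP, and that the check is void if the MANIFEST comes from the same untrusted channel. It assumes a tab-separated MANIFEST whose first two fields are the file name and its SHA-256; the function names and sample data are constructed.

```python
import hashlib

def parse_manifest(text):
    """Map file name -> expected SHA-256 (assumed: first two tab-separated fields)."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) >= 2 and fields[0]:
            entries[fields[0]] = fields[1].strip().lower()
    return entries

def verify(name, data, manifest):
    """Return 'ok', 'mismatch' or 'unlisted'; only 'ok' should ever be extracted."""
    expected = manifest.get(name)
    if expected is None:
        return "unlisted"  # fail closed: no entry means no basis for trust
    actual = hashlib.sha256(data).hexdigest()
    return "ok" if actual == expected else "mismatch"

# Constructed sample data: a stand-in for a distribution set and for the
# MANIFEST that ships with the installer (the trusted side of the check).
GOOD = b"constructed stand-in for base.txz contents\n"
MANIFEST_TEXT = 'base.txz\t%s\t1\tbase\t"Base system"\ton\n' % (
    hashlib.sha256(GOOD).hexdigest()
)

def demo():
    trusted = parse_manifest(MANIFEST_TEXT)
    tampered = GOOD + b"bytes altered in transit"
    # A MANIFEST fetched over the same untrusted channel can be rewritten
    # to match the altered file, so it proves nothing.
    forged = parse_manifest(
        "base.txz\t%s\n" % hashlib.sha256(tampered).hexdigest()
    )
    return {
        "intact_vs_trusted": verify("base.txz", GOOD, trusted),
        "tampered_vs_trusted": verify("base.txz", tampered, trusted),
        "unlisted_file": verify("kernel.txz", GOOD, trusted),
        "tampered_vs_forged": verify("base.txz", tampered, forged),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The hash comparison covers integrity only; the host name and requested paths remain visible to an on-path observer on plain HTTP, which is the metadata point raised in the reply.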