Date:      Sun, 11 Mar 2018 15:05:29 +0100
From:      Kurt Jaeger <pi@FreeBSD.org>
To:        Alexey Dokuchaev <danfe@FreeBSD.org>
Cc:        Bryan Drewery <bdrewery@FreeBSD.org>, "Danilo G. Baio" <dbaio@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, Eitan Adler <eadler@FreeBSD.org>
Subject:   Re: svn commit: r464037 - head/irc/znc
Message-ID:  <20180311140529.GN15257@fc.opsec.eu>
In-Reply-To: <20180310080202.GA18340@FreeBSD.org>
References:  <201803100016.w2A0GnR8013646@repo.freebsd.org> <fd8d2bb5-6235-f193-b8c5-e3cb37ea973d@FreeBSD.org> <20180310080202.GA18340@FreeBSD.org>

Hi!

> On Fri, Mar 09, 2018 at 05:58:31PM -0800, Bryan Drewery wrote:
> > This is a note in general, not specifically at you. But https for
> > distfiles only achieves 2 things: 1. Privacy against someone snooping
> > that you are downloading ZNC (is it really that important?) but still
> > can see your DNS and connections to the ZNC site... and 2. It breaks
> > proxy caching.  So I don't think MASTER_SITES should be converted to
> > https in general.  There's this odd push for it lately but I don't see
> > the benefit.
> 
> Big +1 (HTTPS for distfiles is somewhat of a PITA for me as well).  Can
> we please go back to plain good HTTP?  SHA256 provides enough assurance
> against intermittent tampering with the distfiles.

Has anyone really done a review of where things can go wrong if the
distfiles are accessed using HTTP-only?

https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/

Until that is the case, HTTPS is at least a little safer than HTTP.

-- 
pi@FreeBSD.org         +49 171 3101372                2 years to go !


