From owner-freebsd-security@freebsd.org  Mon Dec 11 23:23:51 2017
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BD4BDEA25C8
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Mon, 11 Dec 2017 23:23:51 +0000 (UTC) (envelope-from yuri@rawbw.com)
Received: from shell1.rawbw.com (shell1.rawbw.com [198.144.192.42])
 by mx1.freebsd.org (Postfix) with ESMTP id A90DF7EF09
 for <freebsd-security@freebsd.org>; Mon, 11 Dec 2017 23:23:51 +0000 (UTC)
 (envelope-from yuri@rawbw.com)
Received: from yv.noip.me (c-24-6-186-56.hsd1.ca.comcast.net [24.6.186.56])
 (authenticated bits=0)
 by shell1.rawbw.com (8.15.1/8.15.1) with ESMTPSA id vBBNNTwT016566
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO);
 Mon, 11 Dec 2017 15:23:44 -0800 (PST) (envelope-from yuri@rawbw.com)
X-Authentication-Warning: shell1.rawbw.com: Host
 c-24-6-186-56.hsd1.ca.comcast.net [24.6.186.56] claimed to be yv.noip.me
Subject: Re: http subversion URLs should be discontinued in favor of https URLs
To: Yonas Yanfa <yonas@fizk.net>
Cc: freebsd-security@freebsd.org
References: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com>
 <2a6d123c-8ee5-8e1e-d99b-4bce02345308@rawbw.com>
 <1217.1512685566@critter.freebsd.dk>
 <20171208082503.cve4526nkwf7chef@localhost>
 <201712112129.vBBLT7tj006260@donotpassgo.dyslexicfish.net>
 <225f2891-dc04-0e38-05bb-b4af9645f663@fizk.net>
From: Yuri <yuri@rawbw.com>
Message-ID: <b9bba941-e648-d38e-152b-072186cb5837@rawbw.com>
Date: Mon, 11 Dec 2017 15:23:28 -0800
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <225f2891-dc04-0e38-05bb-b4af9645f663@fizk.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Dec 2017 23:23:51 -0000

On 12/11/17 14:40, Yonas Yanfa wrote:
> I prefer HTTPS over HTTP as well, but wouldn't switching over to git 
> and using signed commits be even more secure than using HTTPS? 


So far, nobody pointed out even one security flaw of using https 
combined with the private CA. So no, they appear to be equally secure, 
with https approach having the advantage of being able to work on the 
same infrastructure in virtually the same way.


Yuri