Date: Tue, 5 Dec 2017 16:10:56 -0800 From: Gordon Tetlow <gordon@tetlows.org> To: RW <rwmaillists@googlemail.com> Cc: freebsd-security@freebsd.org Subject: Re: http subversion URLs should be discontinued in favor of https URLs Message-ID: <20171206001056.GI9701@gmail.com> In-Reply-To: <20171205231845.5028d01d@gumby.homeunix.com> References: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com> <5A2709F6.8030106@grosbein.net> <11532fe7-024d-ba14-0daf-b97282265ec6@rawbw.com> <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <20171205231845.5028d01d@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 05, 2017 at 11:18:45PM +0000, RW via freebsd-security wrote: > On Tue, 5 Dec 2017 14:08:49 -0800 > Gordon Tetlow wrote: > > > > Using this as a reason to not move to HTTPS is a fallacy. We should do > > everything we can to help our end-users get FreeBSD in the most secure > > way. > > I think it's more a question of whether all users should be forced onto > https even if it might prevent some users from getting security updates. I agree with this sentiment. I would like https to be the default with http being an explicit decision on the user's end to use. This way, the naive user can get the benefits of encryption in transit while a knowledgable user can accept the risk of getting updates via http. Best, Gordon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171206001056.GI9701>