Date: Sat, 19 Sep 2015 10:21:10 +0200 From: Dan Lukes <dan@obluda.cz> To: freebsd-security <freebsd-security@freebsd.org> Subject: Re: HTTPS on freebsd.org, git, reproducible builds Message-ID: <55FD1AF6.6040106@obluda.cz> In-Reply-To: <BAAC79FE-6D93-47CF-BC0A-B3B381698524@ccsys.com> References: <CAD2Ti2_YNkNi2b=PzFCwu3PVaP8hOzADys3=-k0AqvsDRhJpzA@mail.gmail.com> <alpine.LRH.2.11.1509180646470.14490@nber4.nber.org> <7BAECC2B-5001-47D6-9199-8549697E7807@spam.lifeforms.nl> <CACf9JSXsEBBMmo57OB_cqgRM7SvbW%2Bdh7n0ybDg2kX4EGyMVjw@mail.gmail.com> <201509181444.IAA15072@mail.lariat.net> <BAAC79FE-6D93-47CF-BC0A-B3B381698524@ccsys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Chad J. Milios wrote: > How did this topic of the conversation start? Because http://freebsd.org doesn't issue a redirect to https://? Such a thing does not increase security I'm against automatic redirection as well. If someone prefer https then he can use it just now. If someone can't use https or doesn't prefer it, then he can use https. I see nothing positive to force https regardless the users preference. According binary distribution - I would like prefer a validation mechanism independent from particular transport protocol. E.g. a signature. In such case even FTP can be used. Just my $0.02 Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55FD1AF6.6040106>