Date: Tue, 5 Dec 2017 12:59:25 -0800 From: Yuri <yuri@rawbw.com> To: freebsd-security@freebsd.org Subject: http subversion URLs should be discontinued in favor of https URLs Message-ID: <97f76231-dace-10c4-cab2-08e5e0d792b5@rawbw.com>
next in thread | raw e-mail | index | archive | help
I suggested this PR, but it got rejected: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224097 http is insecure in its nature, and is an easy target for MITM. This is why https should be preferred. http needs to be discontinued and shut down because as long as it exists somebody will keep using it and will be in danger. Few years ago Wikimedia Foundation switched to https and discontinued http entirely: https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https I think this makes a lot of sense, and FreeBSD should do the same. It's understood that a lot of arguments can be made for and against this, like with any other issue, but security argument should outweigh most or all other arguments. Regards, Yuri
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?97f76231-dace-10c4-cab2-08e5e0d792b5>