This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Prefer https: for GNU and FSF URLs

From: "Maciej W. Rozycki" <macro at imgtec dot com>
To: Jonathan Nieder <jrnieder at gmail dot com>
Cc: Paul Eggert <eggert at cs dot ucla dot edu>, GNU C Library <libc-alpha at sourceware dot org>
Date: Thu, 5 Oct 2017 00:19:53 +0100
Subject: Re: [PATCH] Prefer https: for GNU and FSF URLs
Authentication-results: sourceware.org; auth=none
References: <18cce39e-4a5a-27d8-a1ca-5ec45973088e@cs.ucla.edu> <alpine.DEB.2.00.1709291634040.12020@tp.orcam.me.uk> <20170929165905.GH19555@aiede.mtv.corp.google.com>

Hi Jonathan,

> > What's wrong with FTP, especially as given what you have stated it seems
> > useful for people beyond myself, and not merely (as it is in my case) for
> > convenience reasons?
> 
> FTP is vulnerable to mitm in the same way as HTTP is.

 Hmm, weren't the GPG signatures meant to address it?  Though indeed the 
keys I've seen used weren't particularly trustable, with very few if any 
signatures attached, so that could be considered a failed attempt.  OTOH
with HTTPS we need to trust the CA, which might be the single weak point.

  Maciej

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]